On Thu, Oct 17, 2013 at 01:54:54PM -0700, Robert J. Hansen wrote:
In my proposed scenario, the corporation is doing nothing more than
providing a means for the participants to know that Bob is actually Bob
because the company has checked his id and said he is and providing an
authenticated
On Thu, 17 Oct 2013 17:55, christian.we...@gmail.com said:
I bought a cyberJack go [1] to use it with my openPGP smart card for
authentification. Since the firmware of that device is upgradeable and
is capable of saving atleast 2 GB of data, how can I be sure it is not a
This is not just a
On Thu, 17 Oct 2013 21:26, r...@sixdemonbag.org said:
Is there any way to make GnuPG 1.4 behave like 2.0 in this regard?
Yes. See commit 0bdf121 which will be included into 1.4.16.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On 18/10/13 08:41, Werewolf wrote:
Now what if the Company/HR department had a Notary public, for their
documents, and this same Notary had a gpg key he/she treated same his/her
stamp equipment, and used the same standards before signing a gpgkey?
Then you could simply sign the notary's key
On 18/10/13 11:37, Peter Lebbing wrote:
The moral: I think it is a really bad idea to sign keys because you trust
already made signatures. That's what your trust database is for, use that. You
should sign keys because you verified the identity *outside* the Web of Trust.
However, here an
On 10/18/2013 2:41 AM, Werewolf wrote:
Now what if the Company/HR department had a Notary public, for their
documents, and this same Notary had a gpg key he/she treated same
his/her stamp equipment, and used the same standards before signing a
gpgkey?
Forgive a nonanswer here, but this isn't
On 13-10-18 05:59 AM, Peter Lebbing wrote:
However, here an interesting dichotomy surfaces: the scenario the OP painted
was
that the HR person or notary did not use OpenPGP or key signatures, but that
you
still rely on the identity verification done by the HR person.
That's correct.