Re: Modernizing Web-of-trust for Organizations

On 01/06/2018 12:23 AM, Lou Wynn wrote: > On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 05:29 PM, Lou Wynn wrote: >>> The auditing key is certified by the root key and stays with the latter >>> in my design. Only the administrator can make policy to turn on/off >>>

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: > On 01/05/2018 05:29 PM, Lou Wynn wrote: >> The auditing key is certified by the root key and stays with the latter >> in my design. Only the administrator can make policy to turn on/off >> auditing, the client plugin takes corresponding

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 05:29 PM, Lou Wynn wrote: > On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: >> There are easily scenarios where a customer forgets to add the "auditing >> key", making the data unavailable to the organization, in particular in >> context of loss of employee. >> > The auditing

Re: Modernizing Web-of-trust for Organizations

On 01/04/2018 02:28 PM, Ben McGinnes wrote: > It seems to me, though, that the idea was to provide a means for the > company to repudiate an employee's key even if the employee was no > longer available. This is just one of the benefits enabled by my goals which I stated at the beginning, and it

Re: Upgrading from gpg1 to gpg2: lots of trouble, need help

On Thu 2017-12-21 16:19:00 +1100, raf wrote: > Sorry, I thought I already did. The 4th point above does not > work. When the public-facing host connects via ssh to the > key management host, and runs gpg, instead of it successully > connecting to the existing gpg-agent process that I started >

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: > There are easily scenarios where a customer forgets to add the "auditing > key", making the data unavailable to the organization, in particular in > context of loss of employee. > The auditing key is certified by the root key and stays with

Re: How do you find out the Keygrip of a v3 key?

On 01/05/2018 02:59 PM, MFPA wrote: > These old keys are not supported in GnuPG 2.1/2.2 and the > - --with-keygrip option is not valid in GnuPG 2.0 or 1.4. > > I have googled, but could not come up with a search term that produced > any relevant hits. I'd start with libgcrypt's

How do you find out the Keygrip of a v3 key?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Is it possible to find out the Keygrip of a version 3 key? These old keys are not supported in GnuPG 2.1/2.2 and the - --with-keygrip option is not valid in GnuPG 2.0 or 1.4. I have googled, but could not come up with a search term that produced

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 10:13 AM, Andrew Gallagher wrote: > >> On 5 Jan 2018, at 08:41, Lou Wynn wrote: >> >> The only need for an >> organization to access their data is decrypting the encrypted data, >> which is satisfied by the auditing key. > > The standard way of doing this

Re: Modernizing Web-of-trust for Organizations

> On 5 Jan 2018, at 08:41, Lou Wynn wrote: > > The only need for an > organization to access their data is decrypting the encrypted data, > which is satisfied by the auditing key. The standard way of doing this without allowing for impersonation is escrow of the encryption

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 09:41 AM, Lou Wynn wrote: > On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: >> Businesses have reasonable need to access their data, so they need to >> have access to his private keys, which contradicts "which >> is meant to prevent others from using his private keys", although

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: > Businesses have reasonable need to access their data, so they need to > have access to his private keys, which contradicts "which > is meant to prevent others from using his private keys", although > reading it again I presume you're limiting

Re: Modernizing Web-of-trust for Organizations

On 01/05/2018 01:46 AM, Lou Wynn wrote: > On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 01:12 AM, Lou Wynn wrote: >>> I guess that you've missed somewhere I said in my previous posts that >>> the end user chooses his own password to protect his key password, which >>> is