On Sat, 16 Mar 2013 12:36, a...@guardianproject.info said: > This seems like a better application of S/MIME as it, by design, is > centralized in the manner you describe.
Hwever, with S/MIME you can _only_ do a centralized key management. OpenPGP allows to implement an arbitrary key management policy. The OP mentioned signing subkeys. This could for example be used to allow several employees to sign data using the same key and the recipient will notice a valid signature with a published fingerprint from the company. A closer inspection would reveal which subkey has been used for signing and this can be used for internal audit processes (similar to the QA labels with an employer number on all kind of products). Revocation of a certain subkey would also be pretty easy. I assume this would easily scale to new dozen subkeys. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
