Hi, let's say that Alice from company A and Bob from company B need to exchange some private data with each other. Alice and Bob need to encrypt data just that one time, they do not belong to web-of-trust, but both company A and company B websites are trusted by certification authority, secure and available only over TLS. This gives a first option where both Alice and Bob ask their IT departments to publish their public keys on the company website so Alice can get Bobs public key over TLS from company B website and the other way around. Or when for example website of company B is not trusted by CA, then Alice can pick up the phone, call the customer-support of the company B and ask for Bob and then ask Bob to send her an e-mail with a public key and verify the fingerprint of the public key over a phone? Are there better(easier to use or more secure) ways to ensure that GPG public key belongs to right person in business to business communication?
thanks, Martin _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users