On Wednesday 20 Aug 2008, Anand Shankar wrote: > 1. Wanted to set up a GPG Key Server inside my organisation intranet. > I could not find an option to do that. Is it necessary / good idea to > use a Public Key Server for such use?
A private key server seems to be a better option since you are only going to be using signed mails for intra-organisation communications. If you're going to using signed mails for communications outside your organisation too then a public key server would be the way to go. > 2. Whether GPG signed emails / documents internal to the organisation > are treated as 'legal' by auditors? > > 3. Or it is better to use more common X.509 certificates with an > internal CA, where all keys are internal to the organisation, but > counter-signed by Publicly verifiable key. Will this be acceptable to > auditors? IANAL, but Indian law only treats mails signed with certificates issued by a Certificate Authority recognised by the Controller of Certificate Authorities as negotiable instruments. If you're not using official (recognised by GoI) certificates I'd think it makes no difference whether you use GPG or X.509 certificates to sign your mails, and GPG would be simpler to setup and use :) Regards, -- Raju -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
