PGP key implementation question
Hello!

Sorry, this is not quite the right place, but as I previously got good answers about the PGP servers from you guys, I thought that maybe somebody could help me again. (Plus I tried to subscribe to the PGP mailing list, but either it's down as nothing happened or completely gone as the website was not found...)

Ok, rolling out PGP at a small company. This is what I'm thinking.

1) Master signing key that is used to sign every key
- Not uploaded to keyservers, just on the https-page with fingerprints and all
- No encryption key
- No email
- My key added as revocation key
Q: should I sign this?
Q: if https-page is not available (from our IT), should I then sign this (my key will be uploaded to the key servers)?
Q: should the global revocation key be added also?

2) Global revocation key (Only use is to revoke other keys)
- Signed by the master key
Q: Does this need the encryption key, or should I delete it also?
Q: If it needs one, then it needs an email address also?
Q: Should this be uploaded to the key server?

3) ADK
- Not uploaded to keyservers
- Signed by the master key
- AFAIK, needs an encryption key and therefore an email address?
- Will be split later on (when I learn that stuff)

4) Individual email keys
- Global revocation key as the revoking key
- ADK added as the ADK key
- Signed by the master key
- added to the key servers

How does this sound?

--
HG.
On Tue, 10 Oct 2006, HG wrote:

Hi,

The PKI issues are probably too complex (at least to me :) to be handled in a few mails. There are whole books covering this issue. There should be some FAQs on the web regarding this. Most companies use the pks public key server.

As far as I see you are mainly concerned about a root of trust and revocation lists. I do not know yet how to handle this correctly with pgp keys since the pgp system is rather based on a web of trust than a single instance. Master-keys should probably be distributed "on disk", maybe created in the user's homedir when the user is created. Revocation-list services can always be DoSed.

Sebastian
--
perl self.pl
$_='print"\$_=\47$_\47;eval"';eval
krahmer@suse.de - SuSE Security Team
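The key layout HG sketches above (items 1, 2 and 4: a certify/sign-only master key with no encryption subkey and no email, a revocation key signed by it, and per-user mail keys signed by the master with the revocation key appointed as designated revoker) can be built and inspected with GnuPG rather than guessed at. This is an added example, not code from the thread; it assumes GnuPG 2.1+ on PATH, uses a throwaway keyring, and all names, addresses and the unprotected keys are constructed test data.

```shell
#!/bin/sh
# Added example (not from the thread): build HG's items 1, 2 and 4 with GnuPG
# in a scratch GNUPGHOME and read the result back with --with-colons, so the
# "does it need an encryption key / an email?" questions are answered by what
# gpg actually produced. Names and addresses are constructed test data; the
# keys are created without a passphrase purely so the demo runs unattended.
set -eu
GNUPGHOME=$(mktemp -d); export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

g() { gpg --batch --yes --quiet --pinentry-mode loopback "$@"; }
fpr() { gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="fpr"{print $10; exit}'; }
keyid() { printf '%s' "$1" | tail -c 16; }   # long key id = last 16 hex digits of the fingerprint

# $1 name, $2 "sign" (primary key only: certify/sign, no encryption subkey)
# or "sign+enc" (adds an encryption subkey), $3 optional email. Prints the fingerprint.
gen_key() {
  {
    printf '%%no-protection\nKey-Type: RSA\nKey-Length: 2048\nKey-Usage: sign\nName-Real: %s\n' "$1"
    if [ -n "${3:-}" ]; then printf 'Name-Email: %s\n' "$3"; fi
    if [ "$2" = sign+enc ]; then printf 'Subkey-Type: RSA\nSubkey-Length: 2048\nSubkey-Usage: encrypt\n'; fi
    printf '%%commit\n'
  } | g --gen-key
  fpr "$1"
}
sign_with() { g --local-user "$1" --quick-sign-key "$2"; }   # $1 signer fpr, $2 signee fpr
add_revoker() {                                              # $1 key fpr, $2 designated revoker fpr
  printf 'addrevoker\n%s\ny\nsave\n' "$2" | g --command-fd 0 --status-fd 2 --edit-key "$1"
}
has_encryption_subkey() { gpg --batch --with-colons --list-keys "$1" | grep -q '^sub'; }
uid_of() { gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="uid"{print $10; exit}'; }
revokers_of() { gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="rvk"{print $10}'; }
signers_of() { gpg --batch --with-colons --list-sigs "$1" | awk -F: '$1=="sig"{print $5}' | sort -u; }

build_hierarchy() {
  MASTER=$(gen_key "Example Corp Master Signing Key" sign)     # 1) no encryption key, no email
  REVOKER=$(gen_key "Example Corp Revocation Key" sign)        # 2) same shape, signed by master
  ALICE=$(gen_key "Alice Example" sign+enc alice@example.com)  # 4) ordinary mail key
  sign_with "$MASTER" "$REVOKER"
  sign_with "$MASTER" "$ALICE"
  add_revoker "$ALICE" "$REVOKER"                              # 4) global revoker as revoking key
}

if [ "${1:-}" = run ]; then
  build_hierarchy
  echo "master $MASTER encryption subkey: $(has_encryption_subkey "$MASTER" && echo yes || echo no); uid: $(uid_of "$MASTER")"
  echo "alice  $ALICE designated revoker(s): $(revokers_of "$ALICE")"
  echo "alice signed by key ids: $(signers_of "$ALICE" | tr '\n' ' ')(master is $(keyid "$MASTER"))"
fi
```

Run it as `sh hierarchy.sh run`; the `rvk` record confirms the designated revoker and the `sig` records confirm the master's certification.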