PGP 8.0 Enterprise: PGP standards for key creation process

PGP 8.0 Enterprise: PGP standards for key creation process

Post by Be » Sun, 27 Apr 2003 06:34:49



Has anyone come across (or developed) a set of standards for rolling
out the PGP 8.0 Enterprise products? I'm currently involved with a PGP
eval and we'd like to do our build "by the book" if there is one.

The PGP documentation is fairly high-level and does not contain much
guidance on best practices for key creation, splitting/sharing and
rejoining.

for example one question we have is: if we split the Corp signing key
and it is held by three people, when do those people need to re-join
the key? Is it only when the Corp Key is modified? Or do they have to
re-join it every time the key is used by the system (that would be a
big pain in the ass if every email needs to be certified as coming
from our domain and therefore needs to be signed by the Corp signing
key).

anyone with a clue please speak up as the PGP docs are lacking and
they want us to pay for tech support on our eval. which kind of hurts
their chances of making a sale IMHO.

-ben

 
 
 

PGP 8.0 Enterprise: PGP standards for key creation process

Post by Jason Ti » Mon, 28 Apr 2003 22:38:09


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bad idea! You should not sign every document leaving your domain with your
corp sign key!
It is for signing employee keys to prove that they work for your company (so
their sig has the
same effect)

However if you are sure this is what you want to do then yes, the key does
have to be rejoined
for everything: signing, decrypting, changing properties: EVERYTHING

| (that would be a
| big pain in the ass if every email needs to be certified as coming
| from our domain and therefore needs to be signed by the Corp signing
| key).
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPqvdP8fsqVOt5QlRAQKDRQ/6A+067cnTeH711zr22i866rSuOoMUuBVf
Pp4003PPt0wCZm7GZ0o5cIa+ms9X6Bp6HVC5qiSpki5N+a2bRFCPEiSlQbzQseNv
89LTfzixko0Jepgtrs4eZjVtC05jpW3S7fpRao3gr4Tcmy/3DpEKJfUmEv6N05bQ
twhs4XZlmsn0Aga1F0gqP9HnY9tTn1w9/xJ4ReTlG3QSTGZlE4Y4V9569f9KPLmE
kzw3aWZCRoZ7q+HzNJ0GqDJs3NKM4QPGv84BUR+SiVytv8v/4/k80HCRVXKBmeN9
URU6u4aSJxzdqBy32FYaQvMMsHl5j4a4JBTmzyY7chi4nXSkeTlRrqT0oghc1+7B
fDWEcaBeHpHTgEnA/yIYBpGuBsYW0CR6FQ2/Km32vdnVpA9SpvdVV8OEsSN9qgG/
iWC2P4fxHCBq8NZrDLC3VDjDww+RIyIpwbaG1Dl4xQOFSuq+IAaBXvMjKSFLjZgK
TfxTAbcjDtak+2UMeLJzncoiCKSy1VpxnQWOmg6wkBhVi6ht/CAITXs8KkxgLJ5p
2PEVK4QCoGgHty4TkKgzdT8wqlwVeLuVsKG+f6SED7BWzpAcnIkTvIex98DoT5Gx
Es7WMewp09Hq+7w5C/r9WKcsrBlLgKsiGZwjwhgDCgUS6L27dPlpgB0Reo8xOVXG
0jlJpGXZSZU=
=/RWE
-----END PGP SIGNATURE-----

 
 
 

1. PGP 8.0 and PGP Mobile for Palm (compatability note)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am waiting for the server traffic to die down, but I want to remind
the Palm users about this note in the read-me for PGP Mobile 2.0.2
System Requirements:

"The conduit in this release is not forward compatible with PGP 8.0.
A maintenance release of PGP Mobile for Palm OS will be released to
address this."

Has anyone either

a)  trashed their palm with desktop 8.0 installation
or
b)  successfully upgraded to 8.0 with Palm 2.0.2 still installed

Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBPe2CzJ55AOjdVgeLEQJhWACdE+PaNUytLeudJJ91fp3eKE4MKJkAmwUD
NbiAxtthAZ0Iv+NUKZA18DQL
=3d0Y
-----END PGP SIGNATURE-----

2. Error 65 Network Access is Denied !

3. I can't download PGP 8.0 beta in PGP.com

4. Help: Keyboard setup woes! Please help

5. PGP @.6xxx to PGP 8.0

6. ST: THROUGH THE YEARS

7. PGP 2.6.3ia question about key creation

8. Round - Robin Algorithm Selection.

9. ANNOUNCE: X-pgp standard for PGP shell/frontend developers

10. how 2 pgp keys in pgp disk

11. Help: cannot open pgp keys (pgp 6.0.2)

12. GroupWise and PGP searching for PGP keys

13. PGP needs a large-scale trusted PGP key signer/server