Has anyone come across (or developed) a set of standards for rolling
out the PGP 8.0 Enterprise products? I'm currently involved with a PGP
eval and we'd like to do our build "by the book" if there is one.
The PGP documentation is fairly high-level and does not contain much
guidance on best practices for key creation, splitting/sharing and
For example, one question we have is: if we split the Corp signing key
and it is held by three people, when do those people need to re-join
the key? Is it only when the Corp Key is modified? Or do they have to
re-join it every time the key is used by the system (that would be a
big pain in the ass if every email needs to be certified as coming
from our domain and therefore needs to be signed by the Corp signing
Anyone with a clue, please speak up, as the PGP docs are lacking and
they want us to pay for tech support on our eval, which kind of hurts
their chances of making a sale IMHO.