[oclug] gpg keys
Francis J. A. Pinteric
linuxdoctor at linux.ca
Wed Jun 18 11:38:38 EDT 2003
On Thu, 19 Jun 2003 11:30:01 -0400
Bruce Harding <bruce at computerbooksforless.com> wrote:
> Hi,
>
> Question:
>
> I was wonder about how to use gpg keys. I've been thinking of signing
> all messages from the store email address. Now do I use my personal
> key or do I create on for my store email address? Is there a general
> policy on this?
>
The policy is pretty much up to you. If you want to use your personal
key, then go ahead. Then again, there are advantages to having the
store have it's own key. Of course, then the issue becomes one of
trust. How do I know that this is really the store's key?
Personally, I'd create a key for the store, and then sign it with your
own personal key. That way, people who trust your key (by signing it
with theirs) can also trust the key that you sign.
Hope this helps.
>>>--fja->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20030618/6213ee50/attachment.bin
More information about the OCLUG
mailing list