So I am currently restructuring my company's security policy and trying to get OpenPGP as a central point in all this.

Any input on how others have structured their trust network in a corporate setting? How do you verify which keys are employees' and what roles (such as deploying software) people have?

I have my own idea as to how I'm going to structure this, but I'd love to hear other people's thoughts first.

@freemo PGP, in any implementation, is awful and should be phased out as quickly as possible. PGP was created before security in computing became a real, widespread thing.

This article explains the situation in its entirety:
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

High security projects such as GrapheneOS have already dropped PGP and switched to the superior OpenBSD Signify, which does a much better job at PKI signing, in a much safer way:
https://www.openbsd.org/papers/bsdcan-signify.html

age can be used as a superior PGP PKI encryption replacement, again doing its job in a much better and safer way than PGP ever did or can:
https://github.com/FiloSottile/age

@inference Do either of these solutions have hardware encryption options similar to a YubiKey?

Qoto Mastodon