Follow
🇳🇱
GPG/PGP tip: When trust-signing company keys, either from another company key or a personal key, sign it so you trust the whole company, not just the individual key. To do this use tsign and select a depth of 2 with a domain restriction that matches the company's domain. This will cause you to automatically trust all employees of the company that are trusted by the company's master key and verified without you needing to set the trust individually or verify individual identities.
@freemo Does this cause you to also automatically trust new company keys signed by that key (but not keys signed by them in turn)?