[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-enviro
From: Philihp Busby via Gnupg-users <gnupg-users () gnupg ! org>
Date: 2020-12-24 12:29:31
Message-ID: X+SJqwBY5HkmZLuy () eudaimonia ! local
[Download RAW message or body]
On 2020-12-22T13:31:42+0100 Christian Chavez via Gnupg-users
<gnupg-users@gnupg.org> wrote 2.8K bytes:
>I'm currently helping my workplace test out Yubikeys - to see how/if
>they could help us with our software development. One expected benefit
>is to allow developers cryptographically sign Git commits/tags (e.g).
I hope I'm not the only one on this list that may have left innocuous
commits forged under the name of someone who didn't work there anymore
to prove that a less ethical person may have already gotten away with
actually committing malicious code.
I was in an org once that had a neat system of generating SSH keys on
hardware tokens, and then distributing them to the servers that each
person should have access to. It was hella cool. I did something
similar with my home LAN by swapping ssh-agent for gpg-agent on my
terminals, and using a keyserver to distribute my public key to devices.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic