We've made a preview site showing how Fluidkeys can make PGP simple for engineering teams...
I'd really appreciate your feedback!
https://www.fluidkeys.com/blog/preview-simple-pgp-for-engineering-teams/
@wiktor That's great to hear! :D We should set up a call soon to talk more specifically! Any integrations particularly stand out for you?
@paul 🤔 I didn't think about this too much, but I had problems with getting non-technical people to use at least encrypted e-mail via Enigmail.
I did some dry-run clean installations of Enigmail and the setup wizard was really bad: it crashed on the last step and I couldn't proceed. If technical people can't get this easily installed, how can non-technical people do so?!
@wiktor The authority key model is the sort of thing we're planning: the team roster is a signed file containing the fingerprints of the whole team and the team's admin (similar to gpgsync). Then Fluidkeys can either 1) set "ultimate" trust on the admin's key in GnuPG or 2) locally sign all the team keys in the roster.
There are pros and cons to each: 1) gives the admin control over keys *outside* the team which is strange.
@paul
> There are pros and cons to each: 1) gives the admin control over keys *outside* the team which is strange.
That can be mitigated with trust signatures, where you can specify that you trust this key to sign keys *only* from a given domain, e.g. "example.com". Check out `gpg --edit-key $KEY` and the `tsign` command. This excellent post goes into more detail: https://www.linuxfoundation.org/blog/2014/02/pgp-web-of-trust-delegated-trust-and-keyservers/
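The two trust models from the thread side by side, as an added example (this is not Fluidkeys or gpgsync code): option 1 from the earlier post, ultimate ownertrust on the admin key, and the domain-scoped trust signature suggested as the fix. It assumes `gpg` (GnuPG 2.1 or later) and `gpgconf` are on PATH. The admin/member/outsider keys, the example.com and other.org user IDs, the throwaway keyrings and the helper names (`gen`, `validity`, `tsign_domain`) are all constructed for the demo; nothing touches your real keyring.

```shell
#!/bin/sh
# Added example, not code from Fluidkeys or gpgsync. Assumes GnuPG >= 2.1.
# All keys, user IDs and domains below are generated here for the demo.
set -eu

ORG=$(mktemp -d)   # admin's side: where the roster keys live and get certified
H1=$(mktemp -d)    # a member's keyring trying option 1 (ultimate ownertrust)
H2=$(mktemp -d)    # a member's keyring trying option 2 (domain-scoped tsign)
chmod 700 "$ORG" "$H1" "$H2"

gen() {  # gen <home> <uid>: unprotected ed25519 sign+cert key, prints its fingerprint
  GNUPGHOME=$1 gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" ed25519 sign never 2>/dev/null
  GNUPGHOME=$1 gpg --batch --with-colons --list-keys "$2" |
      awk -F: '/^fpr/ { print $10; exit }'
}

validity() {  # validity <home> <fpr>: GnuPG's computed validity letter (u, f, m, -, q)
  GNUPGHOME=$1 gpg --batch --quiet --check-trustdb 2>/dev/null
  GNUPGHOME=$1 gpg --batch --with-colons --list-keys "$2" |
      awk -F: '/^pub/ { print $2; exit }'
}

import_roster() {  # import_roster <home>: pull the admin-certified public keys from ORG
  GNUPGHOME=$ORG gpg --batch --export "$ADMIN" "$MEMBER" "$OUTSIDER" |
      GNUPGHOME=$1 gpg --batch --quiet --import 2>/dev/null
}

set_ownertrust() {  # set_ownertrust <home> <fpr> <level>: 6 = ultimate (option 1)
  printf '%s:%s:\n' "$2" "$3" |
      GNUPGHOME=$1 gpg --batch --quiet --import-ownertrust 2>/dev/null
}

tsign_domain() {  # tsign_domain <home> <signer> <target> <domain>  (option 2)
  # Drives the interactive `gpg --edit-key` menu over --command-fd. Answers, in order:
  # select uid 1, tsign, 2 = full trust, depth 1 (admin may certify keys but not
  # delegate further), the domain (GnuPG stores it as the regexp
  # <[^>]+[@.]example\.com>$), y to confirm, save.
  printf 'uid 1\ntsign\n2\n1\n%s\ny\nsave\n' "$4" |
      GNUPGHOME=$1 gpg --batch --no-tty --command-fd 0 --status-fd 2 \
          --local-user "$2" --edit-key "$3" 2>/dev/null
}

# Admin's side: the roster keys, plus one key that is NOT on the team but that
# the admin happened to certify anyway (the "keys outside the team" case).
ADMIN=$(gen "$ORG" "Team Admin <admin@example.com>")
MEMBER=$(gen "$ORG" "Team Member <member@example.com>")
OUTSIDER=$(gen "$ORG" "Somebody Else <someone@other.org>")
for k in "$MEMBER" "$OUTSIDER"; do
  GNUPGHOME=$ORG gpg --batch --local-user "$ADMIN" --quick-sign-key "$k" 2>/dev/null
done

# Option 1: ultimate ownertrust on the admin key. Everything the admin ever
# certifies becomes fully valid, including the other.org key.
import_roster "$H1"
set_ownertrust "$H1" "$ADMIN" 6
OPT1_MEMBER=$(validity "$H1" "$MEMBER")
OPT1_OUTSIDER=$(validity "$H1" "$OUTSIDER")

# Option 2: the member signs the admin key with a trust signature limited to
# example.com. Only the admin's certifications on example.com user IDs count.
ME=$(gen "$H2" "Me <me@example.com>")
import_roster "$H2"
tsign_domain "$H2" "$ME" "$ADMIN" example.com
OPT2_MEMBER=$(validity "$H2" "$MEMBER")
OPT2_OUTSIDER=$(validity "$H2" "$OUTSIDER")

printf 'option 1, ultimate ownertrust: member=%s outsider=%s\n' "$OPT1_MEMBER" "$OPT1_OUTSIDER"
printf 'option 2, tsign @example.com:  member=%s outsider=%s\n' "$OPT2_MEMBER" "$OPT2_OUTSIDER"

for h in "$ORG" "$H1" "$H2"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
```

Under option 1 both the member and the outsider come back `f` (fully valid); under option 2 the member is `f` while the outsider stays unvalidated, because the admin's certification on a non-example.com user ID is outside the trust signature's regexp. The same `tsign_domain` recipe works on a real admin key; just point `--local-user` at your own key and drop the throwaway `GNUPGHOME`.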
@wiktor Once again, hats off to your knowledge! :D
@paul Haha, glad I could be of service :) Have a nice day!
@paul Staggering amount of integrations! If Fluidkeys can/will configure these tools without the user touching them manually I'm all in!
There is also GpgSync (https://github.com/firstlookmedia/gpgsync#gpg-sync) that could be useful in this context.
One more point: some organizations might like the Authority Key model (where one key is designated and operated by the IT department and signs other keys). Then not only would you have team members' keys, but GPG would fully trust them (Enigmail would show the green bar), no WARNINGs...