We've made a preview site showing how Fluidkeys can make PGP simple for engineering teams...
I'd really appreciate your feedback!
https://www.fluidkeys.com/blog/preview-simple-pgp-for-engineering-teams/
@wiktor That's great to hear! :D We should set up a call soon to talk more specifically! Any integrations particularly stand out for you?
@paul 🤔 I didn't think about this too much, but I had problems with getting non-technical people to use at least encrypted e-mail via Enigmail.
I did some dry-run clean installations of Enigmail and the setup wizard was really bad, crashed on last step and I couldn't proceed. If technical people can't get this easily installed how can non-technical people do so?!
@wiktor The authority key model is the sort of thing we're planning: the team roster is a signed file containing the fingerprints of the whole team and the team's admin (similar to gpgsync). Then Fluidkeys can either 1) set "ultimate" trust to the admin in GnuPG or 2) locally-sign all the team keys in the roster.
There are pros and cons to each: 1) gives the admin control over keys *outside* the team which is strange.
@paul
> There are pros and cons to each: 1) gives the admin control over keys *outside* the team which is strange.
That can be mitigated with trust signatures, where you can specify that you trust this key to sign keys *only* from given domain e.g. "example.com". Check out `gpg --edit-key $KEY` and `tsign` command. This excellent post goes into more detail: https://www.linuxfoundation.org/blog/2014/02/pgp-web-of-trust-delegated-trust-and-keyservers/
@wiktor Once again, hats off to your knowledge! :D
@paul Haha, glad I could be of service :) Have a nice day!
A social media community hosted in the UK; part of the Mastodon/ActivityPub federated social network, which allows you to follow users on other communities. It's a bit like Twitter but without a single company in control.
If you use this server, you are required to abide by our Code of Conduct. If you don't like it, there are plenty of other communities you can use.
If you're coming here from Twitter, there are some very useful services to help you find friends and automatically crosspost toots that you might like to set up once you're signed in.
Backers
This is a volunteer-run community administered by @floppy, and hosted by Mastohost in the UK. Please support our running costs by joining the Open Collective and becoming a backer. Thanks go to our existing backers - this place exists because of them!
Service status is available from our status page and the @status account.
@paul Staggering amount of integrations! If Fluidkeys can/will configure these tools without the user touching them manually I'm all in!
There is also GpgSync (https://github.com/firstlookmedia/gpgsync#gpg-sync) that could be useful in this context.
One more point but some organizations could like the Authority Key model (where one key is designated and operated by IT department and signs other keys). Then not only you'd have team member's keys but GPG will fully trust them (Enigmail would use green bar), no WARNINGs...