[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: epiphany

At  3:24 PM 7/15/96 -0400, Carl Ellison wrote:
>The president of a company I worked for long ago wanted a PGP key for
>correspondence overseas (that being the only way the US gov't would allow).
>So, I offered to show him how to generate one.  No -- he wanted his
>secretary to generate it in his name.  Not "Carol acting for David" but
>"David".  Why?  Because he wanted his correspondents to have the warm fuzzy
>feeling of knowing they were speaking directly to the boss, not to his
>secretary -- even when they were actually speaking to his secretary.
>This man fully understood security, I&A, etc.  He made a decision on psych
>grounds rather than security grounds.

I have no real problem with this solution if the local policy permits it. 
Most people sending business correspondence to a person with a secretary
expect that the secretary will see it first.  I, for one, hope the
secretary will be able to generate any needed response since that is likely
to be much faster than if the matter has to wait for the boss.

It may well be that David would, in reality, have more than one key.  He
shares one with Carol and keeps the other private.  Both keys have his name
attached to them.  On the other hand, if Carol can indeed act for David in
all things, then there is no reason for them not to share a key.

In real life, the "Carol acting for David" may be more appropriate if
Carol's role is temporary.

Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA