We have set up several custom installers with each one containing a different ADK. Depending on these custom installers, we have elected Trusted Introducers supporting the users belonging to a special ADK.
In the custom installer, it is defined that encrypting to invalid keys should not be allowed.
For managing this, we have established our own PKI.
Now the following problem has occurred:
encrypting to a person whose key you do not already have in your local keyring, usually causes an error that results in importing the formerly unknown key from our keyserver to the customer's local keyring.
But if the customer does not have the public key of the appropriate Trusted Introducer in his keyring, encrypting is not allowed either.
In our PKI, each Trusted Introducer is trusted introducer-signed by the highest CA and each user automatically meta-introducer signs this CA.
We remember times when this circle of trust worked. How could it happen that you now have to know the TI of every communication partner? Would be the same as if the CA would sogn everybody manually..
Has anybody of you experienced anything similar or knows someone we could contact??
Sorry, you had to read so much, but the problem is a little complex - as you can see;-)) -
Thanks in advance,
Julia
In the custom installer, it is defined that encrypting to invalid keys should not be allowed.
For managing this, we have established our own PKI.
Now the following problem has occurred:
encrypting to a person whose key you do not already have in your local keyring, usually causes an error that results in importing the formerly unknown key from our keyserver to the customer's local keyring.
But if the customer does not have the public key of the appropriate Trusted Introducer in his keyring, encrypting is not allowed either.
In our PKI, each Trusted Introducer is trusted introducer-signed by the highest CA and each user automatically meta-introducer signs this CA.
We remember times when this circle of trust worked. How could it happen that you now have to know the TI of every communication partner? Would be the same as if the CA would sogn everybody manually..
Has anybody of you experienced anything similar or knows someone we could contact??
Sorry, you had to read so much, but the problem is a little complex - as you can see;-)) -
Thanks in advance,
Julia