pem-dev

Signature Roles

1993-08-16 16:00:00
Steve> We've had this discussion before on the list, over a year ago.
The following was the conclusion at the time:

Steve> It would be preferable to have certificates for roles in a
company, with access to the private key retained by the company as
different employees occupy the same role over time.  That eliminates the
issue of who gets to retain the key and who is liable for what.  Use of
suitable hardware technology could allow the employee to use the private
key to perform his duties without having access to it.  Individually
named employee certificates could be used with keys that employees get
to keep, even if they move to a new company, because the binding between
the key and the old company affiliation is hot listed when you leave the
company.


It's just great that pem-dev decided this, and for certain roles and
casual mail, it might even work.  The applications of interest to me are
those where the binding between the message and the person who wrote it
is what is important.  I cannot understand some "role" signing a
corporate tax return or waste water report to the EPA.  To me THE
important thing about a message is the signature and the person who made
it.  (Sorry Doug, perhaps I should have replied to your poll.)

I believe it was Einstein who said "we need to make theories just as
simple as we can ..  but no simpler".  Analog signatures are a feature
of human beings; IMHO digital signatures should follow that same
paradigm.

Peace ..Tom Jones
