On Tue, 25 Jul 1995 10:09:56 EST, Jueneman(_at_)gte(_dot_)com said:
In my view, any signed messages that are received should be archived along wi
th
the complete chain of certificates and a current CRL. A centralized corporate
Umm.. Bob? Can you expound a bit more on what you mean by 'archived'?
What is the goal here, and what (possibly hypothetical) policies do you
envision? I'm mostly concerned because I currently get more than a few
PGP-signed messages from co-workers that don't have anything more detailed
to say than "Yes, gcc 2.7.0 looks like a good idea, let's shoot for the
next software upgrade window". Would such messages need to be archived
at all? For only a short while? Forever? Or do you mean "only messages that
have legal standing as purchase orders/payments"? Or???
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech