Koch: A New Future for GnuPG

Posted Jan 4, 2022 8:53 UTC (Tue) by nilsmeyer (guest, #122604)
In reply to: Koch: A New Future for GnuPG by karkhaz
Parent article: Koch: A New Future for GnuPG

> I assumed that a centralized PKI is exactly what enterprise/government customers would want to use, for ease of revocation/rotation/etc. It's quite surprising that these customers do see the benefit of OpenPGP, I wonder how the government makes it work (I don't suppose the civil servants are having keysigning parties...).

Depends on the government agency, BSI uses it obviously, also some state data protection offices in Germany. There was an ill-fated attempt to build something for e-Mail (DE-Mail) that was a home grown solution, for healthcare there is something based on an x.509 PKI which is also not widely used, similarly there is something used by lawyers and courts (supposedly) also based on x.509 I believe. Fax and Mail still reign supreme in a lot of places.

The federally owned Bundesdruckerei (which also prints Euro notes for example) also offers S/MIME certificates, though barely anyone uses S/MIME.

It's not a comprehensive strategy - this is quite typical for Germany, what is unusual here is that the people in charge relied on an open standard instead of cooking up their own proprietary solution. I think it's quite an achievement actually to not only have a good technical solution in place but also to be able to convince a government agency to use it.