A rekindled interest in PGP (due in part to recent revelations about the NSA) led me to perusing public keyservers for people I know. After clicking around a bit, I found that there is a reasonably large number of people who share the folowing characteristics:
- They all have stripe.com email addresses (implying that they work at Stripe).
- Many of them have signed each other’s keys, forming a tight web-of-trust.
- Many of them are signed by Stripe (CA-ish) <email@example.com>
- Many of them are signed by Stripe Deploy Key <firstname.lastname@example.org>
So what can we (the non-Stripe-employee public) infer from this? Clearly they care about security at Stripe.
Here are a few theories of mine:
- Stripe uses PGP for internal communications. It would make sense, given the level of security that must be required at Stripe. I’m only slightly familiar with PCI requirements, but it would make sense to go even further with security this way. Signing everyone with a “CA-ish” isn’t a technique I’ve seen before, but isn’t that farfetched. It provides a decent mechanism for saying “Yes, that PGP key belongs to a Stripe employee”.
- Stripe uses PGP as an authenticator for deployments. When deploying new code, it’s necessary to verify that the person pushing the code is authorized to do so. Normally this is done with ssh keys and user accounts on a deploy machine, but perhaps Stripe has a more sophisticated system using PGP.
Another thing to note is that not all Stripe employees are represented here. Maybe it’s only techincal/engineering employees?
It would be cool to hear about how Stripe is using PGP for either of these purposes, and why the used public keyservers rather than having their own internal system. Anyone have any insight on this?