Daniel Carrera
Tue Jul 8 19:38:02 2003

On Tue, Jul 08, 2003 at 01:27:20PM -0400, CL Gilbert wrote:
> Daniel Carrera wrote:
> | Hello all,
> |
> | I've been looking at ING, and I think that they should be using GPG.
> | ING is a huge bank, but they deal with their customers entirely through the
> | phone or the internet.
> |
> | Their website says that personal account information can only be given
> | over the phone because email is not secure.
> BS.  And a 4 digit phone pin which comes through snail mail is secure?

Uhm... it is likely to be *more* secure than email:
  -  Snail mail is much more difficult to scan en masse than email.
  -  I don't know if it's 4 digits, but even if it is, the fact that they
     have to be pressed by a person makes a brute-force attack difficult.

This doesn't make phone banking secure.  It makes it less insecure than email.
So, the decision is somewhat sensible.  But clearly, GPG would be much better.

> Well, when you walk into the bank to give them your public key on disk,
> they can give you theirs.  Then you will know every key signed by that
> key is authorized to send you info.

The thing about ING is that they have almost no branches anywhere.  The whole 
point of ING is that they have minimal infrastructure, which allows them to save 
money, and so they can offer better rates.

This is why they do everything through either the phone or the internet.  This is 
also why I think that GPG would be great for them.

I think I'll write to them.  I just need to put some thought into the email, and 
ideally find someone who can make a decision.

