Corporate public key?

CL Gilbert
Tue Jul 8 22:04:06 2003

Hash: SHA1

Daniel Carrera wrote:
| On Tue, Jul 08, 2003 at 01:27:20PM -0400, CL Gilbert wrote:
|>Daniel Carrera wrote:
|>| Hello all,
|>| I've been looking at ING, and I think that they should be using GPG.
|>| ING is a huge bank, but they deal with their customers entirely
through the
|>| phone or the internet.
|>| Their website says that personal account information can only be given
|>| over the phone because email is not secure.
|>BS.  And a 4 digit phone pin which comes through snail mail is secure?
| Uhm... it is likely to be *more* secure than email:
|   -  Snail mail is much more difficult to scan en-masse than email.
|   -  I don't know if it's 4 digits, but even if it is, the fact that they
|      have to be pressed by a person makes a brute-force attack difficult.

The mail is usually there when I get home.  Their is noone guarding it.
~ I am not concerned about mass attacks, only a single one.  Once you get
the pin, you have no need of bruteforce.  The bruteforce occurs when you
are checking my snail mailbox everyday for a month.

| This doesn't make phone baking secure.  It makes it less insecure than
| So, the decision is somewhat sensible.  But clearly, GPG would be much

Well I suppose.  though phone banking may provide the illusion of
security, where their is actually little.

|>well when you walk into the back to give then your publick key on disk,
|>they can give your theirs.  Then you will know every key signed by that
|>key is authorized to send you info.
| The thing about ING is that they have almost no branches anywhere.
The whole
| point of ING is that they have minimal infrastructure, which allows
them to save
| money, and so they can offer better rates.
| This is why they do everything through either the phone or the
internet.  This is
| also why I think that GPG would be great for them.
| I think I'll write to them.  I just need to put some thought into the
email, and
| ideally find someone who can make a decision.

Interesting.  I hope they bite.  Typically their is some corporate
collusion or something that prevents corporations from using anything
that does not cost $500,000.  Perhaps a 'Enterprise edition' of gpg
needs to be released and a heafty fee levied, that way you get more
interest :)

| Cheers,
| --
| Daniel Carrera         | OpenPGP fingerprint:
| Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
| UMD  (301) 405-5137    |

Gnupg-users mailing list

- --
Thank you,

CL Gilbert
Free Java interface to
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard
Pretty Good Privacy (PGP), windows
users should try that.
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -