Corporate public key?
Tue Jul 8 22:04:06 2003
-----BEGIN PGP SIGNED MESSAGE-----
Daniel Carrera wrote:
| On Tue, Jul 08, 2003 at 01:27:20PM -0400, CL Gilbert wrote:
|>Daniel Carrera wrote:
|>| Hello all,
|>| I've been looking at ING, and I think that they should be using GPG.
|>| ING is a huge bank, but they deal with their customers entirely
|>| phone or the internet.
|>| Their website says that personal account information can only be given
|>| over the phone because email is not secure.
|>BS. And a 4 digit phone pin which comes through snail mail is secure?
| Uhm... it is likely to be *more* secure than email:
| - Snail mail is much more difficult to scan en-masse than email.
| - I don't know if it's 4 digits, but even if it is, the fact that they
| have to be pressed by a person makes a brute-force attack difficult.
The mail is usually there when I get home. There is no one guarding it.
I am not concerned about mass attacks, only a single one. Once you get
the pin, you have no need of bruteforce. The bruteforce occurs when you
are checking my snail mailbox every day for a month.
| This doesn't make phone banking secure. It makes it less insecure than
| So, the decision is somewhat sensible. But clearly, GPG would be much
Well, I suppose. Though phone banking may provide the illusion of
security, where there is actually little.
|>Well, when you walk into the back to give them your public key on disk,
|>they can give you theirs. Then you will know every key signed by that
|>key is authorized to send you info.
| The thing about ING is that they have almost no branches anywhere.
| point of ING is that they have minimal infrastructure, which allows them to save
| money, and so they can offer better rates.
| This is why they do everything through either the phone or the internet. This is
| also why I think that GPG would be great for them.
| I think I'll write to them. I just need to put some thought into the
| ideally find someone who can make a decision.
Interesting. I hope they bite. Typically there is some corporate
collusion or something that prevents corporations from using anything
that does not cost $500,000. Perhaps an 'Enterprise edition' of gpg
needs to be released and a hefty fee levied, that way you get more
| Daniel Carrera | OpenPGP fingerprint:
| Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
| UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
Gnupg-users mailing list
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----