Corporate public key?

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Tue Jul 8 22:04:06 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Carrera wrote:
| On Tue, Jul 08, 2003 at 01:27:20PM -0400, CL Gilbert wrote:
|
|>Daniel Carrera wrote:
|>| Hello all,
|>|
|>| I've been looking at ING, and I think that they should be using GPG.
|>| ING is a huge bank, but they deal with their customers entirely through the
|>| phone or the internet.
|>|
|>| Their website says that personal account information can only be given
|>| over the phone because email is not secure.
|>
|>BS.  And a 4 digit phone pin which comes through snail mail is secure?
|
|
| Uhm... it is likely to be *more* secure than email:
|   -  Snail mail is much more difficult to scan en-masse than email.
|   -  I don't know if it's 4 digits, but even if it is, the fact that they
|      have to be pressed by a person makes a brute-force attack difficult.
|

The mail is usually there when I get home.  There is no one guarding it.
I am not concerned about mass attacks, only a single one.  Once you get
the pin, you have no need of brute force.  The brute force occurs when you
are checking my snail mailbox every day for a month.


| This doesn't make phone banking secure.  It makes it less insecure than email.
| So, the decision is somewhat sensible.  But clearly, GPG would be much better.
|
|

Well I suppose.  Though phone banking may provide the illusion of
security, where there is actually little.

|
|>Well, when you walk into the back to give them your public key on disk,
|>they can give your theirs.  Then you will know every key signed by that
|>key is authorized to send you info.
|
|
| The thing about ING is that they have almost no branches anywhere.  The whole
| point of ING is that they have minimal infrastructure, which allows them to save
| money, and so they can offer better rates.
|
| This is why they do everything through either the phone or the internet.  This is
| also why I think that GPG would be great for them.
|
| I think I'll write to them.  I just need to put some thought into the email, and
| ideally find someone who can make a decision.


Interesting.  I hope they bite.  Typically there is some corporate
collusion or something that prevents corporations from using anything
that does not cost $500,000.  Perhaps an 'Enterprise edition' of gpg
needs to be released and a hefty fee levied, that way you get more
interest :)


|
| Cheers,
| --
| Daniel Carrera         | OpenPGP fingerprint:
| Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
| UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html



- --
Thank you,


CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/CyKsVbJM14DSCi0RAgvcAKCq0PGix5vadR9H8XYMaA6Na5tNVwCdG/Di
Z6y7H2cHPL2sdsbCHUmV6Cc=
=amzn
-----END PGP SIGNATURE-----