Self Decrypting Archives
Thu Jun 19 23:32:02 2003
At that point, I really don't care. My job is to get them data in a timely
fashion. If I don't get them that data, I lose my job. (That's bad.) I must
get them that data without allowing anyone else to read it. If someone else
reads it*, I lose my job AND go to jail. (THAT'S MUCH WORSE.)
I have neither the time, nor the political pull** to FORCE the vendors
receiving the data to use any certain encryption software. So, if I have to
sneak the necessary software in through an SDA, that's fine with me. I
neither lose my job, nor go to jail for it.
*assuming the Federal auditors find out.
**And YES, I HAVE been FIRED for refusing to break the law on behalf of my
employer. That's not fun either.
From: David Shaw [mailto:email@example.com]
Sent: Thursday, June 19, 2003 4:58 PM
Subject: Re: Self Decrypting Archives
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Jun 19, 2003 at 04:22:56PM -0400, Gates, Scott wrote:
> So, SDA's have saved my bacon on more than one occasion. I have recently
> started using GPG because it lets me call it remotely from an FTP script
> the local host. This way I can use JCL (batch to you DOS types) and run
> file transfers from the master scheduler. This is fine when the recipient
> can receive encrypted e-mail attachments, or FTP. But the few that need
> LOTS of hand holding to open an e-mail attachment are the ones who give me
> the most headaches, and are also the ones who won't install software.
But a SDA *is* "installing" something. What do they think happens
when they click on it?
> If you really wanted to, you could even send your receiver a zip file
> containing the "gpg" binary, plus the encrypted file, and a batch file
> that contained something like "gpg theencryptedfile.gpg". Poof:
> instant SDA. Of course, it's still insecure ;)
It works, and the end result is a SDA.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
Gnupg-users mailing list