Self Decrypting Archives

Steve Butler
Fri Jun 20 06:42:02 2003

Not sure what industry Jeff is in.  In the health care industry in the US we
can simply point to the HIPPA regs and tell our vendors that need to run
something compatible with PGP and provide us with their public key.  

Had one vendor that insisted on generating a new public key for us to use!
I've always wondered how they kept track of which pass phrase to use when
they had to decrypt.  

Thankfully cooler heads prevail here and I could simply provide them with
the same Public key we provide everybody else.

But, to the point for Jeff.  I'd simply ask them for their public key and
state that you'll send them an encrypted file.

Since we encrypt on a Linux box, it would be impossible for us to send a SDA
to those vendors that use Windows (and I know of at least two -- wish them
luck everytime we ship a file as they forget about the LF versus CR LF

-----Original Message-----
From: John B []
Sent: Thursday, June 19, 2003 4:50 PM
Subject: Re: Self Decrypting Archives

Hash: SHA1

On Thursday 19 June 2003 16:07, Jeff Herrin wrote:
> Nobody is actually clicking on anything. The file creation, the
> the FTP transfers, the decryption is all done automatically by scripts
> are designed to specifically handle SDAs. I know they have the ability
> their commercial version of PGP to handle whatever I send them but their
> system is specifically looking to read from an FTP folder and decrypt it
> an SDA.
> Jeff Herrin

  So tell them how *insecure* it is. It won't take any longer to truly
a message/whatever than to make the same message/whatever an SDA. Tell them 
that if they're worried about being secure, they need to stop the SDA crud 
and do it right and tell them they need to quit being so lazy. It's just 
plain ridiculous to have a paid-for version of PGP on a windows machine, and

just use it for SDA's, it's just simply ludicrous.

- -- 
"You will bring ussss.....A SHRUBBERY!"
These guys looked dangerous...and hungry,
so to placate them until I found a shrubber,
I fed them an MSN butterfly. They dined
quite happily it seemed.
Version: GnuPG v1.2.2 (GNU/Linux)


Gnupg-users mailing list

We're Moving June 20th!
600 University St, Suite 1400
Seattle, WA 98101

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.