Harmon said: I'm just amazed that with all the flack about ZK, something even worse goes unnoticed. Or are there so many of these pseudo-secure outfits that it would be a waste of bandwidth to comment. -- end quote --
I think that's it exactly. Doesn't look like VerySafe is bringing anything new to the table. PGP already does self-decrypting files, and has better support than just an Outlook plugin. On top of that, all mail is mediated through the VerySafe server, so traffic analysis is built in, along with key escrow (your keys are generated by the server) and maybe even content escrow.
On Fri, Nov 03, 2000 at 07:34:27AM -0500, brflgnk@cotse.com wrote:
Real-To: brflgnk@cotse.com
Harmon said: I'm just amazed that with all the flack about ZK, something even worse goes unnoticed. Or are there so many of these pseudo-secure outfits that it would be a waste of bandwidth to comment. -- end quote --
I think that's it exactly. Doesn't look like VerySafe is bringing anything new to the table. PGP already does self-decrypting files, and has better support than just an Outlook plugin.
Self-decrypting (and self-anything files that need executable permission) are tragedies waiting to occur.
People who aren't technical enough to install their own copies of PGP shouldn't be encouraged to run unknown email attachments, no matter what the associated pretty icon looks like.
Of course, for the email to become known in any meaningful way - say, with a digital signature created by a trusted correspondent - requires the same computation (or a close analog) that the self-decryption would perform.
The "I LOVE YOU" (which sent messages from known correspondents) should eliminate any hope that the people who create malicious programs aren't smart enough to take advantage of local data like address books when propagating bad code.
-- Greg Broiles gbroiles@netbox.com PO Box 897 Oakland CA 94604
Quoting Greg Broiles <gbroiles@netbox.com>:
On Fri, Nov 03, 2000 at 07:34:27AM -0500, brflgnk@cotse.com wrote:
I think that's it exactly. Doesn't look like VerySafe is bringing anything new to the table. PGP already does self-decrypting files, and has better support than just an Outlook plugin.
Self-decrypting (and self-anything files that need executable permission) are tragedies waiting to occur.
I have to agree, and wasn't intending to promote their proliferation. This is an essential problem, I think. Self-decryptors are easy for Joseph Q. Sixpack, but train him to trust executable attachments in general.
People who aren't technical enough to install their own copies of PGP shouldn't be encouraged to run unknown email attachments, no matter what the associated pretty icon looks like.
Which implies that such people will be denied crypto's benefits entirely. Perhaps this is evolution in action?