Re: GPG Question
On Feb 15, 2007, at 11:28, Ben Scott wrote: Be aware that such a policy (not telling employees of snooping) is outright illegal in some jurisdictions, and is a legal minefield in others. Or so I'm told. Yeah, it's amazing what some people don't care about. I left when it was decided that it would be cheaper to settle any potential lawsuits than buy a J2EE container with two-phase commits to avoid a chance of medication errors. My argument at the time with regards to e-mail was to store the messages encrypted on disk and have them by default be encrypted to the employer's key rather than just leave them plaintext on disk for anybody who can steal the hard drive or break the system to read (the concern was auditability). "Crazy talk" -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: GPG Question
On 2/15/07, Bill McGonigle <[EMAIL PROTECTED]> wrote: ... they'd rather not have the employees explicitly aware that the employer could read their e-mail ... This may be preaching to the choir, but... Be aware that such a policy (not telling employees of snooping) is outright illegal in some jurisdictions, and is a legal minefield in others. Or so I'm told. Based on the disclaimers I and others have been required to employ, the prevailing thought appears to be employees should be explicitly informed that they should have no expectation of privacy. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: GPG Question
On Feb 14, 2007, at 11:22, Ed Lawson wrote: The question is how to use PGP in a way that provides a separation between personal and business use. In other words, how do you set up PGP so that business mail is signed/encrypted so that business folks can verify/decrypt business mail, but they have no ability to verify/decrypt personal mail? Is simply establishing two IDs for the public key the way to go? I've typically made a keypair for each function (business, personal, etc.) How that's chosen is client-implementation dependent, but some mailers will allow you to chose a keypair for an account. I've been using S/MIME more over the past few years, but the concepts are similar, and there the client just reads the e-mail addr out of the keypair and does the selection for you. There are edge cases like when you get a new keypair before the old one expires, then you might have some manual pointing to do. This also has the decided advantage that if you need to surrender your keypair for any reason (say, you change jobs), you only give up one of your functions. I'd much rather have mailers know how to explicitly add the employer's key to the destination, but I don't know of any that support that yet. I've argued for it at a previous job at a large healthcare provider but the resolution was that they'd rather not have the employees explicitly aware that the employer could read their e-mail. Fortunately they have a benevolent dictator in charge of that system, currently. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf For fastest support contact, please follow: http://bfccomputing.com/support_contact.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: GPG Question
Ed Lawson <[EMAIL PROTECTED]> writes: > After the talk at this month's Centlug meeting on GPG, I have be > trying to delve into how to use PGP. I have three computers that are > used for both personal and business use and on each I login as the > same user for both purposes. The question is how to use PGP in a way > that provides a separation between personal and business use. In > other words, how do you set up PGP so that business mail is > signed/encrypted so that business folks can verify/decrypt business > mail, but they have no ability to verify/decrypt personal mail? Is > simply establishing two IDs for the public key the way to go? I'm not entirely sure I understand the question. If you're sending them an email you want signed, you'd sign it with (one of) your key(s). If you're encrypting it, you encrypt it with *their* keys. You can have multiple keys which you use for different purposes and choose at time of signing/encrypting which to use. -- Seeya, Paul -- Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
GPG Question
After the talk at this month's Centlug meeting on GPG, I have be trying to delve into how to use PGP. I have three computers that are used for both personal and business use and on each I login as the same user for both purposes. The question is how to use PGP in a way that provides a separation between personal and business use. In other words, how do you set up PGP so that business mail is signed/encrypted so that business folks can verify/decrypt business mail, but they have no ability to verify/decrypt personal mail? Is simply establishing two IDs for the public key the way to go? TIA Ed Lawson ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/