In message <[EMAIL PROTECTED]>, Eric Murray writes:
>
>Why not send then a SDA that contains a copy of PGP, installs it,
>generates a key for the user, posts it to a keyserver, sets up the
>correct MIME content-type hooks in the user's browser, and then send
>them the real PGP-encrypted file 10 m
Perry wrote:
>Am I the only person left on earth who finds "self-extracting" bundles
>to be a menace to security? --Perry]
Obviously not from the other comments. I view self extracting archives
(SEAs) as being no different from any other executable. If you are
comfortable running the program on
> I think this is secure:
>
>- pre-distribute a public key (cert, whatever) that you trust
>- install decryption/sig checking software on the target machines
> (I think this is necessary)
>- when the blob is transmitted, send a signature (detached) and the
> executable self-
Suppose I have something complicated, like a bunch of database
files or a report from an outsourced monitoring service, that I want
to email to someone. Then I might want a self-extracting, secure
'blob'.
I think this is secure:
- pre-distribute a public key (cert, whatever) that you trust
At 02:36 PM 7/21/00 -0400, Meyer Wolfsheim wrote:
>Nope, you are definately not the only one. I usually recommend to my
>customers that they block all executable attachments at the mail
>server. Problem solved.
What about *compressed* .exes? (and .bat and .vbs and .doc-macros etc) I
suppose a m
On Thu, Jul 20, 2000 at 07:03:50PM -0700, Salzman, Noah wrote:
> First,
> The Unix flavors of PGP E-Business Server 7.0 (fancy name for Command Line,
> fancy price too) will support the creation of _Windows-based_ SDAs. PGP 7
> is "due out in the near future."
>
> The classic example of the requ
-BEGIN PGP SIGNED MESSAGE-
> Am I the only person left on earth who finds "self-extracting" bundles
> to be a menace to security? --Perry]
I am sure everyone on this list is well aware of the problems that public
key crypto solves. Temporarily ignoring the virus/trojan threat, the
securi
> [So you just feel comfortable training people's users to run
> executables they get from potentially untrusted sources over the net,
> eh? Are you really helping anyone's security here?
>
> Am I the only person left on earth who finds "self-extracting" bundles
> to be a menace to security? --P
On Thu, 20 Jul 2000, Ove Espeland wrote:
> How do I make a Self Decrypting Archive with the PGP Command line
I find myself oddly reminded of a line from Jurassic Park[1] in
which Ian Malcolm remarked that people got so caught up in whether they
could do something that they didn't stop t
> Am I the only person left on earth who finds "self-extracting" bundles
> to be a menace to security? --Perry]
No. On the other hand, considering that your typical Windows user will push
a button marked "Push this button now to erase all the files on your disk",
it's a relatively small part of
No Perry, you are not alone. Executable archives, like Active-X and
other executing content, are really a bad idea from a security point
of view.
Donald
sday, July 20, 2000 2:10 PM
To: Ove Espeland
Cc: '[EMAIL PROTECTED]'
Subject: Re: Self Decrypting Archive in PGP
At 9:18 am +0200 2000-07-20, Ove Espeland wrote:
>How do I make a Self Decrypting Archive with the PGP Command line
Ove,
You cannot. SDAs are available in the Windows
At 9:18 am +0200 2000-07-20, Ove Espeland wrote:
>How do I make a Self Decrypting Archive with the PGP Command line
Ove,
You cannot. SDAs are available in the Windows and Mac GUI clients
only, and they are not x-platform.
X-platform executable self-decryption capability shouldn't be
rocket scie
How do I make a Self Decrypting Archive with the PGP Command line
Ove Espeland
Norsk Eiendomsinformasjon as
[Normally I would have blocked this as being below the level I want
for the list, but I'm letting it through because I wanted to mention
that I consider self-extracting anything -- zip
14 matches
Mail list logo