[7523] in cryptography@c2.net mail archive
RE: Self Decrypting Archive in PGP
daemon@ATHENA.MIT.EDU (Meyer Wolfsheim)
Fri Jul 21 14:39:41 2000
Date: Fri, 21 Jul 2000 14:36:34 -0400 (EDT)
From: Meyer Wolfsheim <wolf@priori.net>
To: "'cryptography@c2.net'" <cryptography@c2.net>
In-Reply-To: <0DA2A15FEE96D31187AA009027AA6A72014BFBFA@ca-exchange1.nai.com>
Message-ID: <Pine.BSF.4.21.0007211426150.95109-100000@mesozoic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
> Am I the only person left on earth who finds "self-extracting" bundles
> to be a menace to security? --Perry]
I am sure everyone on this list is well aware of the problems that public
key crypto solves. Temporarily ignoring the virus/trojan threat, the
security offered by unauthenticated SDAs (to which the password has
probably been transmitted over insecure channels) comes no where close to
that of a public key system.
Giving people PGP-approved SDAs is given them an excuse not to use
PGP. Not the greatest marketing tactic, I would think... but I guess it
makes money.
> SDAs may not be desirable by the linux-leaning crypto-savvy folks on this
> list, but there is a market for SDAs amongst the unwashed masses using
> millions of Windows-only PCs.
Apparently someone likes them... there are plenty of SDA products out
there, and they all suck.
> [Thanks to which, viruses like Melissa and "ILOVEYOU" have spread
> rapidly, causing people like me to have to lose sleep for days trying
> to fix the mess. Am I really the only person who cares about this? --Perry]
Nope, you are definately not the only one. I usually recommend to my
customers that they block all executable attachments at the mail
server. Problem solved.
- -MW-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: No comment.
iQEVAwUBOXiYRCsFU3q6vVI9AQEF6ggAnngNABePtQ1XtjOVgOtouyRby2vpYUof
e2TXbThBlfKOXuVR9jz/ziekl/ALXLQ7lTXKTi4YDc6/JOOplw539UdRWCch1gt5
6t+Ge1Yv8WxJiFA3+2X3fGU5w5cTZuhI8pP53wk1nzxenRtBEpe2tnlQHwJWcxFw
1MFS//WTIV47pNjp2fTy2e4CUZCaouCZcdmY2pw/xrXWSGcsHJPjhnFjSTZYk5Zc
aEOAaM69X7PAtjz9kcVLp+7VHgrYPVWPzUdG01zB91bPO1kKp5P+ysDo3ezS3MzW
GxQyxF2NvdK5EP47JevTk2nDjXZroLc3ZOVYi0kl9tyOak4Qc41Acw==
=BHC7
-----END PGP SIGNATURE-----
