[7540] in cryptography@c2.net mail archive
RE: Self Decrypting Archive in PGP
daemon@ATHENA.MIT.EDU (Bill Frantz)
Sun Jul 23 03:52:20 2000
Message-Id: <v03110702b59ec0262520@[199.174.205.25]>
In-Reply-To:
<0DA2A15FEE96D31187AA009027AA6A72014BFBFA@ca-exchange1.nai.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 21 Jul 2000 20:12:51 -0700
To: "Salzman, Noah" <Noah_Salzman@NAI.com>, Dave Del Torto <ddt@lsd.com>,
Ove Espeland <OES@Eiendomsinfo.no>
From: Bill Frantz <frantz@netcom.com>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
Perry wrote:
>Am I the only person left on earth who finds "self-extracting" bundles
>to be a menace to security? --Perry]
Obviously not from the other comments. I view self extracting archives
(SEAs) as being no different from any other executable. If you are
comfortable running the program on your computer, then do so. I personally
am willing to run programs which I have downloaded from reputable
providers. That's what happens when you buy software online.
We could make an email SEA system safe if we could check the hash of the
executable part of the archive against a list of "known safe" routines
before we ran it. Such a system might usefully encourage people to
compress files for transmission, rather than watch them expand as MIME
encoded attachments.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | Microsoft Outlook, the | Periwinkle -- Consulting
(408)356-8506 | hacker's path to your | 16345 Englewood Ave.
frantz@netcom.com | hard disk. | Los Gatos, CA 95032, USA
