What do you use PGP/SMIME for?
nick at leippe.com
Wed May 7 10:34:45 MDT 2008
On Wednesday 07 May 2008, Corey Edwards wrote:
> > I like to say that there are no degrees of insecurity.
> I disagree. Security is merely assessing risks and mitigating those that
> are worth mitigating. Clearly some behaviors are riskier than others and
> are therefore less secure. OTOH, some things are not worth securing
> because the potential loss is less than the cost of the additional
> So for example, at my company we routinely send passwords via email and
> IM. The catch is that the servers are hosted entirely in house and
> nothing goes over the Internet that's not on a VPN, so really it's not a
> big deal. Sure, S/MIME or GPG would be more secure on top of it but I'm
> not convinced the cost of implementing it would be worth it.
I would not consider that to be insecure--since the information never exits
your control and never enters any area of external risk.
I just mean to say that once something is insecure, that's it. It can't get
any worse--so placing any type of degree on 'insecure' for me seems a
misnomer. I won't deny that there are degrees of security, however.
More information about the PLUG