What do you use PGP/SMIME for?

Nicholas Leippe nick at leippe.com
Wed May 7 10:34:45 MDT 2008


On Wednesday 07 May 2008, Corey Edwards wrote:
> > I like to say that there are no degrees of insecurity.
>
> I disagree. Security is merely assessing risks and mitigating those that
> are worth mitigating. Clearly some behaviors are riskier than others and
> are therefore less secure. OTOH, some things are not worth securing
> because the potential loss is less than the cost of the additional
> security.
>
> So for example, at my company we routinely send passwords via email and
> IM. The catch is that the servers are hosted entirely in house and
> nothing goes over the Internet that's not on a VPN, so really it's not a
> big deal. Sure, S/MIME or GPG would be more secure on top of it but I'm
> not convinced the cost of implementing it would be worth it.

I would not consider that to be insecure--since the information never exits 
your control and never enters any area of external risk.

I just mean to say that once something is insecure, that's it. It can't get 
any worse--so placing any type of degree on 'insecure' for me seems a 
misnomer. I won't deny that there are degrees of security, however.




More information about the PLUG mailing list