Zeljko Vrba <[EMAIL PROTECTED]> writes:
>
> "Jim Berland" <[EMAIL PROTECTED]> writes:
>
>> There are other flaws in the computer system that would have
>> to be addressed (a secretary has root access to the server to
>> let her start the daily backup process after work), but I'm
>> not in charge of that.
>
> Huh? That requires only a single suid-root command.

You said "root" so I assume Unix. Better yet, that requires nobody at all unless you need somebody to change the media. Just use cron to do automated backups. For Fedora / RedHat / OpenSuse / Novell the default crond chkconfig setting enables it (I can't speak for other versions of Linux or Macs):

    crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

On older style Unix systems, they MUST have cron running. That is what is used to trim the logs, etc. For MS Windows you also have software to do backups for you in an automated fashion.

Your "not in charge" makes me worry about the politics of what you are doing.

>> Since I'm going through the trouble of setting everything up and
>> teaching our employees, though, it would be great to also use GPG
>> with business partners. I don't think it's really going to happen,
>> but
>
> If you want secure communication with your partners, you might
> have better luck with X.509 certificates. They "just work"
> under Windows. The only needed initial setup is import of the
> root certificate. Free certificates are available from
> www.cacert.org ...

All of the things Zeljko said here (why repeat it?) are true. More to the point, X.509 are what most other MS Windows oriented companies will be using. They may not be using the free certificates though. Everybody I have heard wants a middle company doing some sort of investigation of both parties. It gives them that warm fuzzy feeling. It's not that the companies don't trust the OpenPGP WOT model; they don't even know about it.

There are cases where other companies will specify OpenPGP, and there is one case in the GnuPG archives for you to look at. The posters were using a Sun Solaris system on their end, but I can't remember what the people on the other end were using other than it was also a Unix system.

Look around your shop. If it is almost all Microsoft Windows, then lean towards X.509. If it is all Linux, then lean towards OpenPGP. But when it comes to other companies other than your own, ASK THEM. Ask all the other companies you deal with what they want you to use.

Zimmermann made the statement to the effect that it isn't so much "big brother" that will be doing the spying as it is other companies that will be spying on your company to gain a competitive advantage. You have already alluded to the loss of confidential information. In other words, you need SOME sort of encryption.

But more to the point, you need the blessing of those that are in charge to implement it, at least on a trial basis in those areas where your company is having problems. Since you have already had cases of stolen information, that should be an easy sell. But sometimes it isn't. There are an awful lot of Paris Hiltons out there (people that don't secure their data). Worse, they don't see any reason for securing their data either.

HHH

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users