[thelist] Sensitve information on the web
Joel D Canfield
joel at bizba6.com
Wed Nov 3 10:47:14 CDT 2010
On Wed, Nov 3, 2010 at 11:39 AM, Hassan Schroeder <
hassan.schroeder at gmail.com> wrote:
> On Tue, Nov 2, 2010 at 8:06 PM, Joel D Canfield <joel at bizba6.com> wrote:
> > On Tue, Nov 2, 2010 at 8:22 PM, Todd Richards <todd at promisingsites.com
> >wrote:
> >
> >> Am I missing something, or am I being too cautious? After answering
> them
> >> tonight, I thought I'd get someone else's take on it.
> >>
> >> we used GPG (open source version of PGP) to encrypt data being emailed.
> > since we were sending apps for health insurance, including everything, I
> was
> > told (but did not verify) that it met some fairly rigid standards for
> > security.
>
> The problem I see with this is that, once decrypted on the recipient's
> end, the data is exposed to being easily compromised -- accidentally
> or intentionally forwarded in plain text, for instance.
We didn't decrypt the emails themselves; nothing was left in email form
other than the encrypted data. Once it's offline, it's no more or less
vulnerable than anything else, methinks.
More information about the thelist
mailing list