On Tue, Dec 1, 2009 at 3:25 PM, Tracy Reed <[email protected]> wrote: > Now here's an interesting comment. How is using PGP "rolling your > own"?
I meant PGP as the basic encryption capability, but that doesn't include the key management. Somewhere there needs to be a list of what keys were used to encrypt what stuff, and the keys should be rotated periodically, and the keys should be destroyed when they're no longer being used to encrypt anything new and there's nothing left that they've been encrypted with, and... So what I meant was using the basic PGP, and then believing you're done because you generated one key. Now, PGP has enterprise products that include key management, and I didn't assume those, but they'd be fine. > I thought PGP was a very well trusted and established system. I agree. > I > would want to use PGP (or more likely, GPG) because I trust it, I can > easily obtain the software decrypt the encrypted files, it has a long > history of being around and being stable. I still agree. I draw a difference between encryption and key management; I guess not everyone does. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
