yep, that'll help too. i've been asked to compile a general security
best-practices document and put it on the wiki, which i'll do as i can.
or i might try to delegate to one of my sec folks :)
On 10/26/11 2:27 PM, Ted Schulman wrote:
I agree, we shouldn't be sending passwords, credentials, etc. over open
email. A best practice is to use voice communications for this purpose
On Wed, Oct 26, 2011 at 2:19 PM, Sam Boyer <email@example.com
during the internet working group meeting last night, it was requested
that i email around about the use of gpg. much of the communication we
are doing is in public spaces, and that's great. but there are some
communications we will have which ought to be kept private - not because
we're creating cabals, but because we are, for example, sharing
passwords for access to servers. however, following the principle of
promiscuous encryption (encrypting everything, rather than just the
"important stuff," so that anyone trying to intercept doesn't know which
messages contain something worthwhile.
so basically, anytime i send individual emails to folks working on OWS,
i'd LIKE to encrypt them. i understand that gpg is a bit difficult for
many people, so i'm not saying this is a general requirement (though i
absolutely will not send sensitive things, like passwords, unencrypted),
but the more folks who could start making use of gpg, the better.
here are some primers. hopefully one is at your skill level, wherever
that may be, enough that you can get it up and running.
for osx + thunderbird (what i use on my laptop) -
a bit on gpg for windows - http://wolfram.org/writing/howto/gpg.html
intro ubuntu-oriented thread -
more generic manual -
another manual - http://www.gnupg.org/gph/en/manual.html
to reiterate - i am NOT saying we should/must abandon all lists, or that
all individual emails ought to be encrypted. i'm simply saying that this
is a good practice, required for certain communications, and the earlier
that more people get in the habit, the better.
Ows_solutions mailing list