Had a closer look at SEPP. From what I can tell, it fails in three ways:

- It assumes that the recipient has a Windows platform, as it attaches an executable which asks for a password to decrypt, and also allows for the encryption of a reply. I am not 100% as the marketing docs are not clear (surprise!), but I cannot imagine another way (they boast not needing any client software). They could go through a webpage, but then that would suck just about as much.

- Users are beginning to understand that they are not to run executable attachments. Now it's supposed to become a feature? Many mail readers and/or content scanners might well block the attachments.

- It uses a password -- symmetric encryption -- which thus falls short in all the ways that symmetric encryption falls short. In particular, anyone might be able to sniff the password, or launch a social engineering attack. If the password has been disclosed, no one knows, nor can the sensitive data be protected/revoked.

Just my two cents, because I am really interested in this. I have not seen a product that actually solves the problems without creating new ones.

PS: I have no beef with SEPP or the company, so please don't read this as random bashing.

--
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!