Re: [Full-disclosure] Introducing TGP...

["Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>]

Hey Michael -

Great comments - The "send to a list" statements were just an example, but it 
illustrated a method by which one could abstract one's self from any 
"custodial" duties in regard to the data. You could send it anywhere.  Of 
course, you can also just keep it all local and treat the files as sensitive 
and ensure that all key files go through some key management process if you 
like.

I just like having choices.  I never said it was the ideal implementation - I 
just said it would be a secure, workable way of doing it.

t

From: mike.vasquez@xxxxxxxxx [mailto:mike.vasquez@xxxxxxxxx] On Behalf Of 
Michael Neal Vasquez
Sent: Monday, June 14, 2010 4:39 PM
To: Thor (Hammer of God)
Cc: full-disclosure@xxxxxxxxxxxxxxxxx"
Subject: Re: [Full-disclosure] Introducing TGP...

Why send it to a public form/blog/email list, etc. When you could email it to 
yourself, mitigating some of Stu's concerns, yet still making it available to 
yourself...

Additionally, you're adding less traffic (a tiny bit less, true, but less...)

Send it to multiple email accounts if you're worried about an outage.... 
(gmail. yahoo. hushmail. etc)

Why replicate it in all these different archives.  It's an interesting idea, 
but I'm not convinced it's the ideal implementation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/