× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2005

RE: Encrypted email versus HTTPS

Paul,

1) The encrypted .zip seems the simplest solution and in the interest of
expediency we might go with something like that - assuming that is 'secure'
enough to suit our client. Their business partners have widely varying
levels of sophistication, though, and I'm leery of placing many onuses (sp?)
mainly because I'll be the one who ends up educating and supporting them!

2) We're using 'jar' in a CLLE to compress the outbound files and as far as
I can tell it does not support encryption. Are you aware of any iSeries
utilities that support file encryption? I've Googled for 'tar iseries' and
'gzip iseries' and they all lead to PASE, something I'm really not
comfortable with yet. I remember seeing an RPG-based 'zip' utility, probably
in one of the iSeries newsletters, last year but cannot lay hands on it
now...

3) I really don't know enough to make an informed decision about the overall
merits of S-O. From my perspective, though, it has resulted in lots of
lawyers making lots of silly rules! I mean, really, what practical purpose
does the now-obligatory "this email may contain privileged information..."
signature serve other than to justify a lawyer's salary? <grin>

JK

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> bounces@xxxxxxxxxxxx] On Behalf Of Paul Morgan
> Sent: Friday, March 04, 2005 3:11 PM
> To: midrange-l@xxxxxxxxxxxx
> Subject: Re: Encrypted email versus HTTPS
> 
> JK,
> 
> Why not provide for the option to encrypt their email if they provide you
> with an encryption key or keys?  If they lose the key it's up to them to
> get another and provide you with the new key.  Put the onus of key
management
> on your customer instead of your service bureau.  You get to provide a new
> service to your customers.  Your customers get encrypted email.  Win-Win.
> 
> Have you considered using an encrypted Zip file for the attachments?
> 
> Isn't the 'Stop Ripping Off Your Shareholders and Employees Act of 2002'
> great?  Makes you do all these great things that improve the business.
> 
> Paul
> 
> --
> Paul Morgan
> Senior Programmer Analyst - Retail
> J. Jill Group
> 100 Birch Pond Drive, PO Box 2009
> Tilton, NH 03276-2009
> Phone: (603) 266-2117
> Fax:   (603) 266-2333
> 
> "JK" wrote
> 
> >  Now, due to the "Full Employment for Lawyers and Auditors Act of 2002"
> > (a.k.a. Sarbanes-Oxley) our main client is requiring all communications
> > to be 'secure'. Without completely reworking the business procedures, I
see
> > two options: 1) Use PGP or S/MIME to encrypt the attachments, or 2)
Email a
> > 'link' to our website, challenge the user for a userid/pw and use HTTPS
> > to allow the download.
> >
> >  The advantage of encrypted email is there is no possibility of the user
> > accidentally retrieving an incorrect file from our website. The
> > disadvantage is that I'm not looking forward to educating dozens of
> > not-so-sophisticated users and listening to their complaints when they
lose their encryption
> > keys.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.