RE: Encrypted email versus HTTPS - weakness of .zip encryption

John,

 Thanks for the tip. Our service bureau needs something secure enough to
meet our client's S-O requirements and I was trying to decide whether to
send encrypted MIME or an HTTPS link. My main concern about encrypted MIME
is having to remind all the recipients of what their key is! 

JK

> -----Original Message-----
> From: midrange-l-bounces+johnking=pdq.net@xxxxxxxxxxxx [mailto:midrange-l-
> bounces+johnking=pdq.net@xxxxxxxxxxxx] On Behalf Of Jones, John (US)
> Sent: Saturday, March 05, 2005 6:38 AM
> To: Midrange Systems Technical Discussion
> Subject: RE: Encrypted email versus HTTPS - weakness of .zip encryption
> 
> Not to muddy the waters as I haven't followed this thread closely, but
> if the email will be generated on a PC or if a PC can be used for the
> ZIPping of the file(s) (via RUNRMTCMD or whatever), WinZip 9 offers AES
> encryption and it still has an optional CLI.
> http://www.winzip.com/wzdaes.htm
> 
> John A. Jones, CISSP
> Americas Information Security Officer
> Jones Lang LaSalle, Inc.
> V: +1-630-455-2787  F: +1-312-601-1782
> john.jones@xxxxxxxxxx
> 
> -----Original Message-----
> From: JK [mailto:johnking@xxxxxxx]
> Sent: Saturday, March 05, 2005 12:19 AM
> To: 'Midrange Systems Technical Discussion'
> Subject: RE: Encrypted email versus HTTPS - weakness of .zip encryption
> 
> > > 1) The encrypted .zip seems the simplest solution and in the
> > > interest of expediency we might go with something like that -
> > > assuming that is 'secure' enough to suit our client.
> >
> > Unless something has changed since I last looked into it, the
> > encryption on a ZIP file is relatively weak.
> 
> Scott,
> 
> I am leaning towards an HTTPS solution, but will retain the encrypted
> email option as 'Plan B'. Thanks for the clarification on those *nix
> things. The utility I recall seeing was a CMD and CL front-end to a port
> of a C-language gzip utility so I guess it wouldn't have handled
> encryption anyway...
> 
> JK