On Mon, Jun 17, 2013 at 11:19 AM, ACROS Security Lists <lists () acros si>
wrote:
Valdis,
No, that's how to do it *hardline*. There's many in the
security industry that will explain to you that it's also
doing it *wrong*. Hint - the first time that HR sends out a
posting about a 3-day window next week to change your
insurance plan without penalty, signs it with something that
doesn't match the From:, and the help desk is deluged by
phone calls from employees who can't read the mail, the guy
who put "You shall not pass" in place will be starting a job hunt.
If there was an industry standard specifying the you-shall-not-pass for
all web
browsers, it wouldn't be the guy (developer) who put this roadblock in
place that
would start a job hunt but someone within the company whose job was to
avoid the
roadblock by making sure the cert that HR is using was okay. That would
happen a
couple of times, and then not any more, as people have great capacity
for learning.
....
... If I get an encrypted
message that was mistakenly not encrypted with my key, it would be very
productive to
have a "Just decrypt anyway" button but we obviously don't have that. ...
A lot of folks would like to have that button ;)
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
