[Info-vax] VSI Website Form for Reporting Potential Security Problems
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Feb 26 16:34:14 EST 2018
On 2018-02-26, Craig A. Berry <craig.a.berry at gmail.com> wrote:
> On Monday, February 26, 2018 at 12:37:26 PM UTC-6, Simon Clubley wrote:
>
>> There either needs to be a file upload option or a public key that
>> can be used to send files to VSI encrypted.
>
> There is. You can supply them with a PGP key on that form and then exchange
> as much secure e-mail with attachments as you want.
Sorry Craig, but that's nowhere near good enough.
All that does is to make sure that whoever is on the other end of
the email address is still talking to the same person who sent them
the PGP key.
It does absolutely nothing to make sure that the organisation
you are talking to really is VSI.
If you look at every other organisation's security reporting mechanism,
they all provide their own PGP key. There's a very good reason for that.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list