None. This is a fine way to do it. I know of an Internet-based financial transaction system that uses precisely this mechanism. When you make a stock trade (for example), the client software makes a PGP message and FTPs it to a directory, where the processing servers decrypt it.
Using PGP has the additional advantage that it uses ZIP (actually called Deflate) compression on your file, which is apt to make it smaller. If you are already compressing the file, you can remove this step from your process.
There are some gotchas you should be aware of:
Using PGP as opposed to SSL is different in that you are encrypting the data object, rather than the pipe. Once your file gets to its destination, it's still protected. This is arguably safer, but also arguably less convenient. Some people might argue that it's better to use PGP, but it is certainly not *less* secure than SSL.
I'll also add as one final note that a related, but slightly different strategy would be to PGP-encrypt the files and e-mail them. But you might want to shoot that down because of the size of them. E-mailing 25-40MB files can cause other problems. Because of their size, I think FTP is a fine way to go and better than mailing them.
This was first published in February 2002