Security Basics mailing list archives

Re: newbie question


From: "Matt Davis" <stackinjection () gmail com>
Date: Thu, 7 Sep 2006 11:23:02 -0500

You need encryption whose key is not transmitted in MITM-vulnerable or
reverse-engineerable form, much like PGP. It would be best that any email
you get be transmitted to you via PGP. It will sit in your Gmail inbox
PGP-encrypted. You can then download it as you wish, and decrypt it on
your local system.

Not to mention, since it is in your inbox encrypted, it doesn't matter
if your email vendor decides to turn over your emails to any
government agencies when requested.

Of course, that doesn't prevent the agencies from bringing you in and
leaning on you for the keys.  I've seen truly paranoid people keep
keys / data stores in hidden TrueCrypt volumes to add another layer.
It just depends on the threat model.

Then again, a lot of information can be derived by who emails whom, and
what the "flow of the conversation" is.  None of these solutions
prevent your recipients from forwarding the emails in clear text
either.
