Re: Five volunteers needed (EU only please)

2020-11-30 Thread Mark Fernandes via Gnupg-users 
> --
>
> Message: 2
> Date: Thu, 26 Nov 2020 12:10:59 +0100
> From: Dirk Gottschalk 
> To: gnupg-users@gnupg.org
> Subject: Re: Five volunteers needed (EU only please)
> Message-ID:
> <39d845f714609d1ce09286e991ab1056e9dfae2a.ca...@googlemail.com>
> Content-Type: text/plain; charset="utf-8"
>
> ...
>
> Am Montag, den 05.10.2020, 17:37 +0200 schrieb Stefan Claas:
> > ...
> >
> > My new idea is to send encrypted postcards or letters, with an NFC
> > tag attached,
> > containing a GnuPG clearsigned test message. ...
> > [...]
>
> ...
> The Tags should have enough memory to take encrypted messages. I think
> at least 12k. The more memory, the longer can the message be.
>
> 



It might be better only to use tags that have relatively small amounts of
memory, in order to be more secure: if your computer has been hacked, it
may try to do arbitrary code execution of data on the NFC, where someone
may have deceptively planted malware.


Kind regards,


Mark Fernandes
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Five volunteers needed (EU .... Are you sure that this is really advantageous?

2020-10-07 Thread Mark Fernandes via Gnupg-users 
>
> Date: Tue, 6 Oct 2020 12:34:43 +0200
> From: Stefan Claas 
> To: Mark Fernandes ,
> gnupg-users@gnupg.org
> Subject: Re: Five volunteers needed (EU  Are you sure that this is
> really advantageous?
> Message-ID: <20201006113425.7...@300baud.de>
> Content-Type: text/plain; charset=US-ASCII
>
> ...



I strongly doubt that *hard working* postmen will do this, because sooner or
> later this will be detected and investigated and it would cost postmen IMHO
> valuable time (which they probably don't have) to copy and send my mail to
> 3rd parties outside the EU. IIRC, postal services scan mail for the
> addresses,
> for automatic sorting machines, but I have never read that they also scan
> letter content within a letter or from postcards, which would violate
> the confidentiality of letters, guaranteed by laws, in Germany and
> elsewhere.
>
> And if you think, or someone else thinks that *hard working* postmen could
> be not trusted, how about all the roots working at email providers? I am
> more concerned nowadays (remember Edward Snowden handling over electronic
> documents from his employer to third parties) that people (maybe part-time
> or intern etc.) can handle over such data to 3rd parties outside the EU,
> much much easier and without been detected.
>
>
Hello Stefan. I'm not saying hard-working, honest postmen would do this,
but not all postmen are necessarily hard-working and honest. How difficult
is it to steam-open an envelope, take a photo of the contents with your
smartphone, send it abroad, and then reseal the envelope? And that's just
the obvious form of corruption... My father lived through a revolution in
the country of his birth, and ended-up leaving the country. The people who
caused the revolution likely didn't all of a sudden organise; probably
through clandestine, and partly corrupt practices, they organised and
planned their attacks. Believing that the postal systems are definitely
secure just seems unwarranted.

I tend to think (perhaps you might say wrongly), that the internet
represents a more secure form of communication, partly because of its
history of origin and development being based in the US military.

Concerning the roots of email providers, I was under the belief that often
internet services were encrypted such that employees of a provider
basically couldn't see user assets in unencrypted form. I would be
surprised if Google employees could read my emails without somehow getting
the password from me. I know email isn't necessarily secure, but so far as
employees and company resources at the provider's end, I don't think they
can do much really. Extra efforts would have to be made to intercept
unencrypted traffic. If I just sent a GMAIL email to another GMAIL address,
because such emails are not at all sent unencrypted (as far as I know), it
would be impossible to read the email unless they somehow hacked my user
environment, eg. if they did something like capturing my password using
hidden cameras in my room. Perhaps I'm wrong?

I'm definitely not saying that the postal system can't be used. But I'm
just saying that perhaps it doesn't represent more than a little more
security than certain digital forms of communication. The good thing about
cryptography algorithms, is that you can study the mathematics behind them,
and convince yourself that they work. Whereas with the postal system, it's
more based simply on reputation and the word of other people. The
algorithms can be verified by users, but the same doesn't seem much true
with the postal system.

Your idea though, of using both digital comms and the postal system
together, is probably a good one, but just not sure you have the right form
yet.


Thanks,


Mark F
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Five volunteers needed (EU .... Are you sure that this is really advantageous?

2020-10-06 Thread Mark Fernandes via Gnupg-users 
>
> Date: Mon, 5 Oct 2020 17:37:57 +0200
> From: Stefan Claas 
> ...
> Subject: Five volunteers needed (EU only please)
> Message-ID: <20201005163757.3...@300baud.de>
> Content-Type: text/plain; charset=US-ASCII
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi all,
>
> ...
> My new idea is to send encrypted postcards or letters, with an NFC tag
> attached,
> containing a GnuPG clearsigned test message. ...
>
> Why I came up with this idea? Well I thought of a way to send private
> content digitally,
> without Internet usage, so that 3rd parties outside the EU have it
> difficult to intercept
> such messages, in order to protect EU businesses and to show the young
> generation that
> local postal services should be supported, in favor of a globally
> surveilled Internet.
>
> A standard NFC tag can't store that much data, but there are different
> types available
> and one can use also modern encryption software which gives you more
> encrypted payload.
>
> .. those NFC tags can also be destroyed
> with special* hardware devices or bought in a form that they get destroyed
> if someone tries
> to take them off, from the carrier medium.
>
>
>
Hello Stefan. Forgive my ignorance, but I'm failing to see the significant
benefit of such a method. Is what you are proposing similar to sending an
encrypted message on CD via the post, that the recipient then gets
decrypted using the public key published on the internet?

I don't consider postal systems, even those in the EU, to be generally
secure or at least verifiable as being secure. Actually worked for a
Christmas stint at Royal Mail, helping out with the extra mail--didn't
convince me that mail was much secured. Postmen can be blackmailed, bribed,
or succumb to other methods of attack. What's stopping someone working in
the postal system from simply corruptly sending data to outside the EU?


Thanks,


Mark F

P. S. I have an idea about how public-private key encryption can be used
for detecting forged physical currency. But I suppose this is probably the
wrong forum for such things?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users