Secure communications? - PGP

This is a discussion on Secure communications? - PGP ; I am a 44 year old female who lives in a Third World Country, and I am trying to establish a small export business. Because of the political and business climate in my homeland I feel it absolutely necessary to ...

+ Reply to Thread
Results 1 to 14 of 14

Thread: Secure communications?

  1. Secure communications?

    I am a 44 year old female who lives in a Third World Country, and I am
    trying to establish a small export business. Because of the political
    and business climate in my homeland I feel it absolutely necessary to
    use encryption when I communicate with customers in other countries.

    But few people use encryption at my level in the business world. I
    find that exasperating. In fact it will kill my business if I don't
    find a way around the problem. I simply cannot send and receive
    messages in the clear. For me it is too dangersous.

    My attempts to convince people to use PGP or GPG are falling on deaf
    ears. All I get are reasons why THEY feel encryption is unnecessary and
    therefore a waste of time for them. To me it is beginning to look as if
    they refuse to encrypt their emails simply because they don't have the
    brains for it.

    Does anyone offer an email client that allows for an EASY and simple
    way to communicate securely? Something that even an idiot can use? My
    financial future depends on it.

    E.Z Vasquez


  2. Re: Secure communications?

    ezvasquez@yahoo.com wrote:

    > Does anyone offer an email client that allows for an EASY and
    > simple way to communicate securely? Something that even an idiot can
    > use? My financial future depends on it.


    That wouldn't help you, I'm afraid. People will still need to be forced
    to use it.

    Just about ANY decent email client will support S/MIME nowadays, and
    that's secure - but you'll need to make your business partners accept
    that THEY will have to spend a few minutes into generating
    x.509-certificates, for example at Trustcenter.de or Thawte.com


    Juergen Nieveler
    --
    famous last words: .....shure I'm shure!

  3. Re: Secure communications?

    In article <1109526752.729901.153130@o13g2000cwo.googlegroups. com>, ezvasquez@yahoo.com wrote:
    > I am a 44 year old female who lives in a Third World Country, and I am
    > trying to establish a small export business. Because of the political
    > and business climate in my homeland I feel it absolutely necessary to
    > use encryption when I communicate with customers in other countries.


    What are you actually trying to prevent? There are different strategies
    you want to pursue depending on what you need to hide. This might for example
    include that you are communicating with people outside of your country, that
    you are communicating with specific people and the contents of your
    communications.

    > Does anyone offer an email client that allows for an EASY and simple
    > way to communicate securely? Something that even an idiot can use? My
    > financial future depends on it.


    A possible option is for you to get a shell account on a machine that you
    think might be safe from snooping by whoever you are afraid of. There is
    a good chance that your government won't be able to snoop traffic outside
    of your country unless you are known to be a high value target in which case
    you are probably hosed anyway. You should be able to communicate with that
    remote computer without your government being able to read your traffic
    unless they tamper with your computer. They will know that you are
    communicating with a computer outside of the country and that still may cause
    you problems. If you use that remote computer for sending and receiving
    email, your government won't have easy access to the content of the email.

  4. Re: Secure communications?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Maybe you could use Hushmail http://www.hushmail.com/
    and convince them to as well.

    I don't know if your business is large enough to use PGP Universal,
    and if that might take care of the situation for you. I really don't
    know the details of what all it involves.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQiJE5WDeI9apM77TAQLb+Af5AVixZ+XTm+gajdVogQ eqjby4GEYabG0c
    iPzVmlKFDvSeUMc79TEyzCke1skYYLSHxpoWHGVEwqrvOwpeke OUXy+eBhH2B+yy
    +adA+ZOw6/BUsApT/btEoVhGaZlsiR+hBqYeuWgG44SLtyn7SjqVofoKXbIF081L
    O0V1GNUTsfdtLusWx4AdJPo7/tmCpDNU8YHNL4tHNYFdaG5XnBxgMFditOUphNEx
    r3M1fpf9iE/hmv0qbTFuqz3hLw+Bnc00lIc4vjg9JYhvAxJKjGNEaQD9f2UtU Kq+
    lT2+jE117C+W9CNFXYChD7kQZ1VT9J+baydouNfD3GZZKx9xt5 Fflw==
    =7ktB
    -----END PGP SIGNATURE-----

  5. Re: Secure communications?

    On 27 Feb 2005 09:52:32 -0800, wrote:
    > ...
    > My attempts to convince people to use PGP or GPG are falling on deaf
    > ears. All I get are reasons why THEY feel encryption is unnecessary and
    > therefore a waste of time for them...


    Have you considered storing your received mail on an IMAP server and using
    a secure/encrypted webmail interface?

    --
    William Tasso

  6. Re: Secure communications?

    On 28 Feb 2005 11:07:49 -0800, wrote:
    > ...
    > I have not considered an IMAP server and a secure link to it.


    Having read the rest of your posts I am no longer convinced that this
    would give you the security you desire. Personally I cannot see that I
    would wish to place life threatening information on a public server
    anywhere. Anyway, here's the scheme:

    o find a location (country?) you trust
    o find a host/isp you trust that sells IMAP service with an SSL secured
    webmail interface
    o mail from your contacts is stored on the IMAP server
    o you connect (maybe via proxy) using SSL to the webmail interface

    Mail is stored on that server and you are in control of what, if anything,
    is downloaded and stored on your local machine.

    However there are risks:
    o Server could be compromised
    o mail between the server and your contacts is unencrypted

    As I said that risk would be unacceptable to me. It's not just 3rd world
    countries that should be wary of their own security services. This may be
    of interest: http://www.havenco.com/

    If SSL is secure enough for you then here's an alternative plan.
    o ditch the entire idea of email
    o have your contacts communicate via a web based interface, much like an
    'issue ticketing' system.

    In any event, good luck.
    --
    William Tasso

  7. Re: Secure communications?

    On 28 Feb 2005 11:07:49 -0800, ezvasquez@yahoo.com wrote:

    >
    > I thank each of you for taking the time to respond to my plea, but it
    >is obvious that none of you can help although I'm sure you want to do
    >that.
    >



    I'd highly recommend purchasing a Unix/Linux/BSD shell account, and then using
    PINE via an SSH connection.

    Heck, pleny of places give out free shell accounts if they aren't going to be
    used for IRC stuff.

    you could use PGP-PINE (compatible with GNUPG) if you want even more security.




  8. Re: Secure communications?

    In article <2q08211fq9v1cf3sp8h11g75j04bus5tb4@4ax.com>, invalid@invalid.org
    says...
    > I'd highly recommend purchasing a Unix/Linux/BSD shell account, and then
    > using PINE via an SSH connection.
    >
    > Heck, pleny of places give out free shell accounts if they aren't going to
    > be used for IRC stuff.
    >
    > you could use PGP-PINE (compatible with GNUPG) if you want even more
    > security.


    Make sure that not only the link between the user PC and the server is
    secure, but both the user PC and the server are themselves secure as
    well. If your user PC is full of loopholes, they probably can _secure_
    their own trojan or key logger to keep abreast of your activities.

    Eric --

  9. Re: Secure communications?

    In an attempt to throw the authorities off his trail, William Tasso transmitted:
    > On 28 Feb 2005 11:07:49 -0800, wrote:
    >> ...
    >> I have not considered an IMAP server and a secure link to it.

    >
    > Having read the rest of your posts I am no longer convinced that this
    > would give you the security you desire. Personally I cannot see that
    > I would wish to place life threatening information on a public server
    > anywhere.


    [much elided]

    This approach is likely of _some_ value; it would mean that in order
    for someone to obtain information from "ezvasquez's" mail account,
    they would have to be able to tamper with servers in foreign
    countries, and that that won't be as simple as bribing some local
    person that only makes $50/month to whom an extra $20 is a lot.

    However, it does not address the other side of the threat model.

    If "ezvasquez," who lives in Dangeria, is sending commercial messages
    containing dangerously sensitive information to other people that also
    live in Dangeria but who don't care to secure their own mail, then
    there's an additional unaddressable threat.

    The "ezpvasquez" mail might be essentially unassailable based on the
    resources available in Dangeria. But if sales (and communications)
    are going to "Mr Pink" (who doesn't think crypto is important), then
    the Dangerian criminal elements can bribe "Mr Pink"'s ISP to get
    copies of what "ezpvasquez" sent him as well as his responses.

    Based on this, I don't think there's any good news there for
    "ezpvasquez." Communications can only be as secure as the measures
    taken by BOTH sides, and if you can't trust the other side, you're
    toast.
    --
    let name="cbbrowne" and tld="gmail.com" in name ^ "@" ^ tld;;
    http://linuxdatabases.info/info/linuxdistributions.html
    Rules of the Evil Overlord #45. "I will make sure I have a clear
    understanding of who is responsible for what in my organization. For
    example, if my general screws up I will not draw my weapon, point it
    at him, say "And here is the price for failure," then suddenly turn
    and kill some random underling."

  10. Re: Secure communications?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    ezvasquez@yahoo.com wrote:

    > You say that there is a GOOD chance that my government won't be

    able
    > to read my email once it is outside of my country. GOOD CHANCE?

    I'm
    > betting my daughter's life on the fact they can't read my mail.

    Tell me
    > how to make my chances GOOD enough to warrant a risk that large.
    >
    > And how do I prevent the criminal element from reading my mail

    while
    > it travels "in the clear" over the phone lines within my own

    country?

    from what you describe,

    the only reasonable solution would be to have someone that 'you'
    trust,
    in a 'free' country abroad, act as your middle-person between you and
    your contacts

    [1] this person would communicate with you only in secure encrypted
    communication with pgp

    (btw, i would recommend gnupg instead, and use the throw-keyid
    options,
    and using hushmail as your mailer

    (hushmail hides the origins in the headers and footers,
    and allows for anonymous signup,

    the throw-keyid option hides the keyid in the pgp message, so that if
    the message is intercepted, it cannot be proven who it was encrypted
    to,
    without trying the 'real' key and passphrase,
    so if the passphrase is suddenly 'forgotten', (and was a 'secure' one
    to begin with, then there is no known way to link that pgp message to
    its intended decrypting key )

    [2] your chosen middle person, handles all the transaction with the
    client
    using ordinary acceptable business communication standards


    now for the 'hard' part: 'finding' such a person

    a reasonable place to start, might be to contact some of the
    international human rights organizations,
    explain your situation,
    and ask for someone whom they trust as
    'aware of the real dangers in the countries you describe, and deeply
    committed to protecting the innocent against such human rights
    abuses,
    and who would also be interested in going into a business arrangement
    with you.


    good luck,

    vedaal


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32) - WinPT 0.9.50
    Comment: Acts of Kindness better the World, and protect the Soul

    iQIVAwUBQicu3lqiDIZqWJqXAQhhnRAAtK21n2y70GplAuVT6N tRF6Pa1ixda0mz
    hckZMAL/ZGCgbExY3MLzc/BzJmVXivxvC20m0UADth0FU6EZIzCl8jg1JqCrbU0u
    pC/mJALr3xLGIuYXmD7jPfe6nouv+n1rOsXMeHVnMyvSdwjkutFqz R+epNCYNObR
    TQWMDrB6qdnC4dlEkErMsb9379LbW/Vgfq9o5bkylsVA1qrsNTITO4Teq8RMYm5Y
    kMJneTwgqyVdT8yLc5BxG0zA/GnXoGZn9zvdsw/vTdlTl9fBOJB7lY1pNOkU4FAV
    IXpIQLBztfQvbZlOjfOLJ3ZYg+BEFZFDxd4ZmziA7rQg+oNjR2 v3srDcEDnMFeRl
    NQaq7sa7BSCZQi3xrqEDCOe1EJbHVQTBb0P4D2zXLdxQTq8k0X Hm3SJO9d4kj8CE
    tLMbRDCfb2RAPW9CJWpqDSTdi08mNQ4IpJ/NBLWRTuCLGtyIWnPemZblxMybzQI7
    38p7WjHLyCa3dsel73YLer3fA6yQFFP6AxjCzY3putze/Qhs3goc8/1NbVAtoe2t
    lCRBhIYjy1wcg2JBDSAvNblwlujez2cAvuSbZ0Ren2wkYJlpH7 Ws15O3KzXuEXtv
    rEXuNr7CC1KCQ59XrfieNWRYPD1BBfSDu5dG7QT/8FZX1bz0Xc3jSXmIlqm6MMLw
    rwnr2x+SPPg=
    =OWBy
    -----END PGP SIGNATURE-----


  11. Re: Secure communications?

    "vedaal" wrote in
    news:1109864351.515133.36700@z14g2000cwz.googlegro ups.com:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA256
    >

    [...]

    Is it just me or is vedaal's signature not verifying?

    -- John

  12. Re: Secure communications?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    John Wunderlich wrote in
    news:Xns960F80EF3B5E8wunderpsdrscraytheon@138.126. 254.210:

    > Is it just me or is vedaal's signature not verifying?


    It's bad here too - looks like there has been some wrapping.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQijpWGDeI9apM77TAQIdtgf9FclbAl6khfVB2B/GklbUvTzzwe0L//5q
    pEzx0xGaE9qFStfsIojABrrXEMEPRA8DKYI9tXtOCNPR6Xgluj JI6CRfvur+QyhX
    JW9DNw+NI2dv7fWoVU2/0m0B3JIowDeF0wQjgyw1CMXdHkI1GXe//jWrG2JFSPz4
    IkJKbdJWUaSIRD3+6Z0x4zMaRdjtclcG3TOL22bUUCt43xz69l T9xjsCSVAEcA7/
    U+8tPw8zp3Jt411aa25+O21BSQ09nIso6cOAmUlKPSl/VOEJZJuTxYG+jf0tqKQZ
    0QzklQ61GxwrzDiGhOiw9lVDQoA+LXVbYxwblqjN049P27nTAX e1fA==
    =azL0
    -----END PGP SIGNATURE-----

  13. Re: Secure communications?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Tom McCune wrote:

    > > Is it just me or is vedaal's signature not verifying?

    >
    > It's bad here too - looks like there has been some wrapping.


    google's new formatting,

    will try again
    with wrap set to the minimum for the pgp block (64)
    and see if it gets in under the wire

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32) - WinPT 0.9.50
    Comment: Acts of Kindness better the World, and protect the Soul

    iQIVAwUBQishPVqiDIZqWJqXAQiH8BAAnvYk5XuNvupIVJnbqD fWfltp0xUuPVYS
    UMl109QSpsL4kt/ibm/B2YereCbdsocN4ryUgseMBGZypH2E7kMy9pZd9DPKraN2
    dkSyKJMsgwWpmj+Gz419VJQlA5GiBB74zQik2W1QHKsLesCfEV z6q77NxIbzg2k6
    3Ry09X2Ixd6nS4uPQrqjaj/X/hhUWOiIOWKRN5fhLzecsdKkzMiZIIx3xnMtOysm
    ny7uYdL7PNMtepJT3fdvJgkmE/k0y+TVpMG3iE+YAWQle6cXriv7udsC2O+MqQ/b
    OyGjrlGyCkmZefPbfPpIFv9mNDt1fMKlV2gt4CyOn+414Mbb0v 7ekKpeVuEj+rT5
    TINv0xbp9ic7WxyjqN0xYJ3BmFj5c6gCqalpEvFpEU3BwGMkTy t6PDWkfjjx9TDb
    LbVfFTjEJB8T1sSAurRxjFYNSUAfrTesdjaEZZxzMSAuA4TYFt uaHZSrMvzg3ke3
    srR4h6es+2Xj7JxVMzZrkBFvwh4sI5kfZzVW4/wG9kk9u7/Dmg/1xMtqfilGb2cn
    IWd9SQ15rJNGLO9LoSaACsisv0TOmoioKuVU0MpV07aFl+QuSF uab6RiQ0RX5Zbd
    taRI0q48sog/0WrjPQBtUPZxDXG2JLLl9OrqxJx6LjqHdL+80CbbW+eowglBfo 4N
    +ZTzaFmIH04=
    =bzn/
    -----END PGP SIGNATURE-----


  14. Re: Secure communications?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "vedaal" wrote in
    news:1110122904.013185.145550@z14g2000cwz.googlegr oups.com:

    > google's new formatting,
    >
    > will try again
    > with wrap set to the minimum for the pgp block (64)
    > and see if it gets in under the wire


    This gave a good signature.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQismfWDeI9apM77TAQIJjQf/aZyjVycyrdK91578UAQogF+Fx3wrfCFn
    WALMZyeH9wBexVLZPDVH8+vRe+p8yfu1lNu/gZDdA3R9+YKbJxEhg0xFVQxE9jL1
    M3BaOniGhZAu0c/DNH3czEQa2C1Mu1TNC804aGqxvpK1lu6LsAvsTMMom0Fuo4OA
    yZdlIISJtu82ILCwZ5gMfHXxRGUcjZWcdRDCvx3xdril90xZMr wLL+7HANVuOzE4
    B4ZCejt5BV6lpRVoEjTsIAHM5W3CK7S9dviROk1qmWRBHA0/CdooAvQJmhFOLCzg
    4So76QDGoEWChzhEW9+pMhTb0lE0pWn5+4OGOORQN+b9Onep5Z Dr/w==
    =RTzQ
    -----END PGP SIGNATURE-----

+ Reply to Thread