servodude wrote:For email attachments are effectively converted to text and sent in the message
In some ways not a lot has changed since UUCP...
Scott.
Thanks to Wasron,jfgw,Rhyd6,eyeball08,Wondergirly, for Donating to support the site
servodude wrote:For email attachments are effectively converted to text and sent in the message
swill453 wrote:servodude wrote:For email attachments are effectively converted to text and sent in the message
In some ways not a lot has changed since UUCP...
Scott.
mc2fool wrote:elkay wrote:In the last few years there has been a big move to end-to-end encryption between sender and recipient, using TLS.
Not quite. It's a good point that hop-by-hop transport level encryption has been increasingly used for email delivery, but it's not end-to-end.
There is no end-to-end connection in the delivery of emails; at it's simplest it's sending client to sending server, which stores the message and then sends it at its own convenience to the receiving server, which stores the message until it's collected by the receiving client. Each of the connections are (can be) encrypted but the email itself is not.
To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.
Alaric wrote:Fluke wrote: said that it was a computer generated message and that they could see a payment had previously been made to the account and so no further checks were needed.
It sounds as if they need to give fresh instructions to the computer which is generating messages. Either that or review the messages before sending them unnecessary demands.
elkay wrote:mc2fool wrote:elkay wrote:In the last few years there has been a big move to end-to-end encryption between sender and recipient, using TLS.
Not quite. It's a good point that hop-by-hop transport level encryption has been increasingly used for email delivery, but it's not end-to-end.
There is no end-to-end connection in the delivery of emails; at it's simplest it's sending client to sending server, which stores the message and then sends it at its own convenience to the receiving server, which stores the message until it's collected by the receiving client. Each of the connections are (can be) encrypted but the email itself is not.
To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.
That's where my understanding differs. My understanding of TLD is that everything is encrypted between the server that is sending and the final server receiving the email, and any servers in between will not be able to see the content of the message.So man-in -the-middle interceptions and the like are not possible. The content is encrypted. Certailnly to a level that financial institutions use it.
PGP goes a step further in that the content is encrypted for the final step to the client effectively, and may be useful in some scenarios, but for me TLS provides all the encryption that most people need most of the time.
elkay wrote:That's where my understanding differs. My understanding of TLD is that everything is encrypted between the server that is sending and the final server receiving the email, and any servers in between will not be able to see the content of the message.So man-in -the-middle interceptions and the like are not possible. The content is encrypted.
servodude wrote:Mike4 wrote:mc2fool wrote:To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.
Would attachments be encrypted as well as the content of the email message?
Thanks.
Yes
For email attachments are effectively converted to text and sent in the message
-sd
UncleEbenezer wrote:servodude wrote:Mike4 wrote:
Yes. We've had PGP for 30 years now, and it's still the best possible security for email (among other things).Would attachments be encrypted as well as the content of the email message?
Thanks.
Yes
For email attachments are effectively converted to text and sent in the message
-sd
That will depend entirely on your software.
If I wanted to attach something secret, I'd encrypt it before attaching to any email.
Infrasonic wrote:Another point to make is that even if something is E2E encrypted unless it is also zero knowledge then it isn't entirely anonymous/secure.
As an example WhatsApp is E2EE but FB will have the decryption keys.
In theory this is so they can provide details with an appropriate court order - in practise do you want to trust Facebook or any other large corporation to 'do the right thing' morally? There's a FB whistle-blower case currently active in the USA.
servodude wrote:I'm worried now that I have given duff assurance (or might be putting my attachments at risk of being compromised) do you have examples of software where
- attachments are not sent via text encoding (be it Base64/MIME or uuencode style stuff)?
- or PGP being applied only to selected message parts?
UncleEbenezer wrote:servodude wrote:I'm worried now that I have given duff assurance (or might be putting my attachments at risk of being compromised) do you have examples of software where
- attachments are not sent via text encoding (be it Base64/MIME or uuencode style stuff)?
That's actually not at all unusual. A text encoding like base64 has been optional for attachments since the 1990s, possibly even the late 1980s.
- or PGP being applied only to selected message parts?
Yes, that's the norm in my own usage.
Though now you mention it, if you have software that offers you an option to encrypt your entire message, I'd expect it either to encrypt all attachments automatically or at least prompt you to ask. Not a matter I'd considered, since I haven't written a mail client!
UncleEbenezer wrote:In theory this is so they can provide details with an appropriate court order - in practise do you want to trust Facebook or any other large corporation to 'do the right thing' morally? There's a FB whistle-blower case currently active in the USA.
For a consumer-oriented service I'd trust them not to nuke themselves quite so gratuitously. The risk/reward for facebook of abusing users' privacy would be horrific. Leave that to specialists, such as NSO (Pegasus).
Infrasonic wrote:When I sold my mothers house under an EPoA I asked my conveyancing solicitors if they could do E2E encrypted email for all correspondence (I have an anonymous Proton Mail email account) - never got a response.
I was hopeful as they had all their staff photos removed from their website placeholders as an ID theft deterrent.
Sunnypad wrote:Infrasonic wrote:When I sold my mothers house under an EPoA I asked my conveyancing solicitors if they could do E2E encrypted email for all correspondence (I have an anonymous Proton Mail email account) - never got a response.
I was hopeful as they had all their staff photos removed from their website placeholders as an ID theft deterrent.
Just out of interest, why did you want all the emails encrypted?
I think my solicitor would have thought i was mad if i had asked that, they wanted bank statements emailed.
Infrasonic wrote:Sunnypad wrote:Infrasonic wrote:When I sold my mothers house under an EPoA I asked my conveyancing solicitors if they could do E2E encrypted email for all correspondence (I have an anonymous Proton Mail email account) - never got a response.
I was hopeful as they had all their staff photos removed from their website placeholders as an ID theft deterrent.
Just out of interest, why did you want all the emails encrypted?
I think my solicitor would have thought i was mad if i had asked that, they wanted bank statements emailed.
I would make the same request to any party where I was discussing sensitive information like large amounts of money, bank details or other uniquely identifying personal information.
Information can be knitted together from various sources and if a high enough value target then pursuing ID theft becomes worthwhile. ID theft is something you really never want to suffer from as not only can it be financially devastating it can also take ages (years in some cases) to get recognised by the relevant authorities as a persona grata again.
I did all my identification stuff in person in the solicitors office with my solicitor in the end, nothing of note went via email.
XFool wrote:Infrasonic wrote:Sunnypad wrote:Just out of interest, why did you want all the emails encrypted?
I think my solicitor would have thought i was mad if i had asked that, they wanted bank statements emailed.
I would make the same request to any party where I was discussing sensitive information like large amounts of money, bank details or other uniquely identifying personal information.
Information can be knitted together from various sources and if a high enough value target then pursuing ID theft becomes worthwhile. ID theft is something you really never want to suffer from as not only can it be financially devastating it can also take ages (years in some cases) to get recognised by the relevant authorities as a persona grata again.
I did all my identification stuff in person in the solicitors office with my solicitor in the end, nothing of note went via email.
Unfortunately this has all now become standard operating procedure, accelerated by COVID and offices not staffed.
Recently I helped someone with a local authority housing application. The lot: Local Authority forms, bank statements, medical records(!), personal details - even a signed letter giving me authority to act on their behalf had to be sent by ordinary email.
Users browsing this forum: No registered users and 54 guests