Email formatting

#################################################################
The article was obtained at the following URL: http://www.kfwebs.net/articles/article/16
The article might be distributed further as long as it is provided as it is, with the credits stated.
The Article was written and first published by KF Webs, at http://www.kfwebs.net
#################################################################

Email preferences: text, RTF, HTML, digital signatures and encryption howto
Added: 2005-08-02 13:43:29 - Modified: 2006-09-23 23:20:54 - Level: Beginner

Why were you referred here?

If you were redirected to this page, you have most probably sent me a message formatted using HTML (HyperText Markup Language) or RTF (Rich Text Format). In that case I urge you to either send all messages in plain text, or at least send messages to me in plain text. This can be configured on a per-recipient basis in most modern email clients, or in the default sending configuration.

You may also have sent me an email that was not digitally signed and/or encrypted when it should have been.

HTML Emails

If you want more information about why I don't like HTML emails, please look at http://www.georgedillon.com/web/html_email_is_evil_still.shtml .

RTF Emails

RTF emails are incompatible with most email clients (except Microsoft Outlook), and your recipients will most likely only see an attachment named winmail.dat.

Digital signatures and encryption

Digital Signatures

I prefer to receive emails which are digitally signed using public key authentication. The most common method for doing so is using Pretty Good Privacy ( http://www.pgp.com ), or another application that complies with the OpenPGP IETF standard. Personally I use GNU Privacy Guard, which can be obtained at http://www.gnupg.org .

Say Alice sent an email to her executive, Bob, claiming to be Charlie. She included some comments that made Bob react against Charlie, and Charlie got a reprimand or lost his job. This situation could be avoided by using digital signatures.

Encryption

Let's start with a question: when you send a letter, do you fold it into an envelope? Why don't you put all your personal data on a postcard? You do this to protect your privacy. Emails are sent in plain text over the internet, usually through several relays before reaching their destination. Without encryption anyone can read the email on the way.

The European Parliament conducted an investigation into the ECHELON system in a period between 1999 and 2004; the final report can be read at http://cryptome.org/echelon-ep-fin.htm . But what is this ECHELON thing? Quoting http://fly.hiwaay.net/~pspoole/echelon.html :

In the greatest surveillance effort ever established, the US National Security Agency (NSA) has created a global spy system, codename ECHELON, which captures and analyzes virtually every phone call, fax, email and telex message sent anywhere in the world. ECHELON is controlled by the NSA and is operated in conjunction with the Government Communications Head Quarters (GCHQ) of England, the Communications Security Establishment (CSE) of Canada, the Australian Defense Security Directorate (DSD), and the General Communications Security Bureau (GCSB) of New Zealand. These organizations are bound together under a secret 1948 agreement, UKUSA, whose terms and text remain under wraps even today.

The ECHELON system is fairly simple in design: position intercept stations all over the world to capture all satellite, microwave, cellular and fiber-optic communications traffic, and then process this information through the massive computer capabilities of the NSA, including advanced voice recognition and optical character recognition (OCR) programs, and look for code words or phrases (known as the ECHELON "Dictionary") that will prompt the computers to flag the message for recording and transcribing for future analysis. Intelligence analysts at each of the respective "listening stations" maintain separate keyword lists for them to analyze any conversation or document flagged by the system, which is then forwarded to the respective intelligence agency headquarters that requested the intercept.

Now, many will probably say that it's not a problem that the government surveils them, as they have nothing to hide. If you just had this thought, please read the final report; chapter 10.7, "Published cases", includes some reading material for you. One case worth mentioning is that of Airbus versus Boeing in 1994, where the NSA obtained "Information on an order for aircraft concluded between Airbus and the Saudi Arabian national airline" using the means of "Interception of faxes and telephone calls between the negotiating parties" with the goal of "Forwarding of information to Airbus's US competitors, Boeing and McDonnell-Douglas", which resulted in "The Americans won the contract (US$ 6 bn)".

Authenticity

Public key cryptosystems allow anybody to send a message using the public key. A signature allows the recipient of a message to be confident that the sender is indeed who s/he claims to be. Of course the recipient cannot be 100% sure that the sender is indeed who s/he claims to be - only confident - since the cryptosystem may have been broken. The importance of authenticity is especially obvious in a financial context. For example, suppose a bank sends instructions from its branch offices to the central office in the form (a,b) where a is the account number and b is the amount to be credited to the account. A devious customer may deposit £100, observe the resulting transmission and repeatedly retransmit (a,b).

Integrity

Both parties will always wish to be confident that a message has not been altered during transmission. The encryption makes it difficult for a third party to read a message, but that third party may still be able to alter it in a useful way. A popular example to illustrate this is the homomorphism attack: consider the same bank as above which sends instructions from its branch offices to the central office in the form (a,b) where a is the account number and b is the amount to be credited to the account. A devious customer may deposit £100, intercept the resulting transmission and then transmit (a,b) to become an instant millionaire!
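
The bank scenario from the Authenticity and Integrity sections, as an added example in Python (not part of the original article): a toy, unpadded RSA key shows that a ciphertext can be altered without the key, and a signature over a sequence number, account and amount lets the central office reject both the altered and the retransmitted instruction. The key, the sequence-number field, the cubing step and all names (CentralOffice, sign, digest) are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (constructed for this example;
# unpadded and far too small for real use). One key pair plays both roles here.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(seq, account, amount):
    """Hash the whole instruction, including the sequence number, into Z_N."""
    data = f"{seq}|{account}|{amount}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(seq, account, amount):
    """Branch office: sign the digest with the private exponent."""
    return pow(digest(seq, account, amount), D, N)

class CentralOffice:
    def __init__(self):
        self.last_seq = 0
        self.balances = {}

    def credit(self, seq, account, amount, signature):
        # Integrity/authenticity: the signature must match these exact fields.
        if pow(signature, E, N) != digest(seq, account, amount):
            return "rejected: bad signature"
        # Replay: a validly signed instruction is accepted only once.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        self.balances[account] = self.balances.get(account, 0) + amount
        return "credited"

def demo():
    # Encryption alone: raw RSA is multiplicative, so cubing the ciphertext
    # of 100 yields a valid ciphertext of 100**3 without knowing the key.
    altered = pow(pow(pow(100, E, N), 3, N), D, N)
    office = CentralOffice()
    sig = sign(1, "a", 100)
    return [
        altered,
        office.credit(1, "a", 100, sig),      # genuine instruction
        office.credit(1, "a", 100, sig),      # retransmitted copy
        office.credit(2, "a", altered, sig),  # altered amount, old signature
        office.balances["a"],
    ]

if __name__ == "__main__":
    print(demo())
```

Real OpenPGP implementations use padded encryption and hashed, formatted signatures, so the raw arithmetic above only illustrates why encryption without a signature is not enough.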

To read more, visit: http://en.wikipedia.org/wiki/Digital_signature

How to configure digital signatures and encryption

The following link lists different email clients and how they incorporate digital signatures and encryption: http://www.bretschneidernet.de/tips/secmua.html

If you need help regarding this setup, please respond to this email and state your operating system and your email client and version, and I'll respond as soon as I can.

My PGP key

Information about my PGP key can be found at http://www.kfwebs.net/pgp . I currently use PGP Key ID 0x6b0b9508, which has the fingerprint 65F1 73BE C045 0DA0 7A58 6197 16E0 CF8D 6B0B 9508.
