A Solution for Sending Messages Safely from EFAIL-safe Senders to EFAIL-unsafe Receivers

Robert J. Hansen rjh at sixdemonbag.org
Tue May 29 00:39:18 CEST 2018


> Regarding the subject there is a simple and also fun solution: If you
> need to hide the subject, use a nonsense phrase instead.  Such a phrase
> makes mental pre-sorting as effective as an on-topic subject.

Or, better, use a system of random nonsense phrases.  Let's say you have
seven different subjects that you regularly correspond about via private
emails -- corresponding to seven different business customers, whatever.
For each customer you've got sales, marketing, provisioning, support, R&D.

Seven customers.  You need a group that has seven elements.  Colors:
red, orange, yellow, green, blue, indigo, violet.  Five different types
of subjects: five permanent members of the U.N. Security Council (the
U.S., Britain, France, Russia, China).  You can now map a phrase like
INDIGO FRANCE to a customer and a task type.  Different threads get -A,
-B, -C, -D suffixes: some random word beginning with that letter will
suffice.  INDIGO FRANCE DERELICT would refer to "the IBM contract, R&D
work, the fourth thread."

Sure, this only obscures the subject.  It exposes the metadata and
allows an attacker to monitor what the communication patterns are like.
But honestly, that's plenty good enough for the vast majority of
confidential emails...


