[OT] Where can I find some papers to read on mail (and envelope) security?

Stefan Claas sac at 300baud.de
Wed Jan 30 16:33:27 CET 2019 

On Wed, 30 Jan 2019 13:20:01 +0100, Philipp Klaus Krause wrote:
> There has been plenty of research on email security and the need for
> encryption is well-known.
> 
> However, I wonder if there has been any research on mail security. Of
> course, one could just put a GPG-encrypted letter in an ordinary
> envelope, but there are more common measures that are meant to give some
> additional security over the standard mail. I wonder how well those work.
> 
> Are there any good textbooks, etc?

Interesting topic, which i am interested in as well. I started, as German
citizen, to use also epost Brief and De-Mail a while ago, when
communicating sometimes with friends, because i like those paid
services much more than the classical email PGP combo.

(Does anyone know why GnuPG does not support stealth mode,
like old versions of PGP had, to make it harder for procmail?)
 
> There are a few aspects I can think of (but there is probably more):
> * Patterns printed on the inside of envelopers. These are meant gainst
> the use of light to read the contents of an unopened enveloper. How
> strong are these in the face of image recognition? Did someone study
> such patters?

Maybe an additional layer of household aluminium foil should work fine.

> * Tamper-proof enevelopes, meant to make it hard to open an envelope
> unnoticed. How well do these work? Does it even make snsne to put much
> effort into them, as an attacker could use a new envelope (though there
> might be some difficulties involved to get or fake the right postmark)?
> * There seems to be some literature on the security of wax seals (e.g.
> "Licet ad regimen", published in 1198 - does anyone know of a German,
> French or English translation).

Services which do such things may have international stamps in stock,
just in case ... About traditional wax seals, i could imagine a silicone mold
would be enough to fake such a seal successfully.

But now i have a question, if you don't mind. Prior sending an encrypted
letter, have you thought about a proper ASCII armor also, because when i
did tests in the past i found only codegroup suitable, but even FOSS OCR
software can not detect hundert percent codegroup letters. Maybe one
needs to use a special font ...

https://www.fourmilab.ch/codegroup/

Regards
Stefan

More information about the Gnupg-users mailing list