
posted by martyb on Monday November 02 2015, @01:19PM
from the ask-and-ye-might-not-receive dept.

http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/

This isn't really new, but improperly configured mail services result in lots of privacy holes across the Internet.

STARTTLS is used to upgrade an unencrypted SMTP connection to an encrypted SSL/TLS connection. The problem is that if the upgrade fails, many mail clients proceed to send the mail over the unencrypted connection anyway.

For any sysadmins (technical info):

Unfortunately, the situation is somewhat sticky. I suggest carefully reading the TLS/SSL section of https://wiki.debian.org/PostfixAndSASL as well as the STARTTLS RFC, http://tools.ietf.org/html/rfc2487

Public email servers should not require STARTTLS (that is, encryption) on port 25 (SMTP). Furthermore, there is no guarantee that all of the mail servers an email passes through in transit use encryption. Thus, you should assume your email is transmitted unencrypted, until a better solution emerges. You can always use OpenPGP to encrypt the body of your email, which should become commonplace shortly after Hurd achieves market dominance.
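The fail-open behaviour described above (client tries STARTTLS, upgrade fails, mail goes out in plaintext) is a policy decision in the client, and the opposite policy is easy to write down. The following is an added example, not code from the article or from any mail software it mentions: a minimal SMTP-side sketch that parses the EHLO capability list, issues STARTTLS, and refuses to continue if the server does not advertise it or rejects it. A scripted fake server (constructed here) stands in for the network connection so the exchange can be run offline; in a real client the point marked below is where `ssl.create_default_context().wrap_socket()` would perform the TLS handshake and certificate check.

```python
"""Fail-closed STARTTLS check for an SMTP client (added example).

The sender that falls back to plaintext when STARTTLS fails is the
problem described above.  run_session() shows both policies side by
side: require_tls=True aborts the session, require_tls=False reproduces
the fail-open behaviour the story warns about.
"""


class TlsRequired(Exception):
    """Raised when a plaintext session cannot be upgraded to TLS."""


class FakeSmtpServer:
    """Scripted server with canned EHLO/STARTTLS replies (constructed, not a real MTA)."""

    def __init__(self, ehlo_reply, starttls_reply):
        self.ehlo_reply = ehlo_reply
        self.starttls_reply = starttls_reply
        self.log = []          # commands the client sent, for inspection

    def send_command(self, cmd):
        self.log.append(cmd)
        if cmd.startswith("EHLO"):
            return self.ehlo_reply
        if cmd == "STARTTLS":
            return self.starttls_reply
        return "500 5.5.1 Command unrecognized\r\n"


def parse_ehlo(reply):
    """Return (status_code, [EXTENSION, ...]) from a multi-line EHLO reply.

    Each continuation line looks like '250-SIZE 10240000' or '250 STARTTLS';
    the extension keyword is the first token after the 4-character prefix.
    """
    lines = reply.splitlines()
    code = lines[0][:3]
    extensions = []
    for line in lines[1:]:
        if len(line) > 4:
            extensions.append(line[4:].split()[0].upper())
    return code, extensions


def upgrade_or_abort(server, hostname="client.example"):
    """Negotiate STARTTLS; raise TlsRequired instead of continuing in plaintext."""
    code, extensions = parse_ehlo(server.send_command(f"EHLO {hostname}"))
    if code != "250":
        raise TlsRequired(f"EHLO rejected with {code}")
    if "STARTTLS" not in extensions:
        raise TlsRequired("server does not advertise STARTTLS; refusing plaintext")
    reply = server.send_command("STARTTLS")
    if not reply.startswith("220"):
        raise TlsRequired(f"STARTTLS refused: {reply.strip()}")
    # A real client would now wrap the socket:
    #   ctx = ssl.create_default_context()
    #   tls_sock = ctx.wrap_socket(sock, server_hostname=server_name)
    # and treat any handshake or certificate error as TlsRequired as well.
    return True


def run_session(server, require_tls=True):
    """Return 'tls' if the session was upgraded.

    Returns 'plaintext' only when require_tls is False, i.e. the
    fail-open policy; with require_tls=True the TlsRequired error
    propagates and nothing is sent.
    """
    try:
        upgrade_or_abort(server)
        return "tls"
    except TlsRequired:
        if require_tls:
            raise
        return "plaintext"


if __name__ == "__main__":
    good = FakeSmtpServer(
        "250-mail.example\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n",
        "220 2.0.0 Ready to start TLS\r\n",
    )
    no_tls = FakeSmtpServer("250-mail.example\r\n250 SIZE 10240000\r\n",
                            "454 4.7.0 TLS not available\r\n")
    print(run_session(good))                       # tls
    print(run_session(no_tls, require_tls=False))  # plaintext (fail-open)
    try:
        run_session(no_tls)
    except TlsRequired as exc:
        print("refused:", exc)
```

The same distinction exists on the server side in Postfix, which the Debian wiki page linked above covers: `smtpd_tls_security_level = may` offers STARTTLS on port 25 without requiring it (the advice given above for public servers), while `encrypt` would reject any peer that cannot upgrade. Requiring encryption is reasonable on the submission port for your own users; on port 25 it simply means mail from less careful senders never arrives.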


Editor's Note: How-to articles for various flavors of Microsoft Exchange can be found at MSExchange.org.

by Hyperturtle (2824) on Monday November 02 2015, @04:32PM (#257573)

    Yeah. This is like saying don't trust the notes you pass in class to be encrypted unless you wrote them in a cryptic code yourself to ensure the content is encrypted and not readable by the systems/messengers/fellow students passing it on.

    Or the mail system as you said.

    Or notes on paper at the office that one photocopies and hands out for meetings or whatever.

    I think the real concern here is SHOCK automatic safety automatically fails to unsafety so that it still works!

    There's a reason it fails open... and that reason is probably tied to preventing a complete outage of the service if there are no redundancies in place that can encrypt it the same way.

    A metaphor: any small/medium business type of IT person that set up TCP-based syslog on a firewall has probably experienced firsthand what happens when the server guys reboot the syslog server with no warning. Poof. No internets. And if it's in the middle of updates, or if it is not a self-start-on-boot service, big problems result due to being too secure. (There are technical ways to never encounter this -- like redundancy of the syslog server, the connections leading to it, etc. -- but all that duplication of effort costs money, so often... UDP gets used instead, because syslog over UDP doesn't even notice if the logger drops.)
