Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday November 02 2015, @01:19PM   Printer-friendly
from the ask-and-ye-might-not-receive dept.

http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/

This isn't really new news, but improperly configured mail services result in lots of privacy holes across the Internet.

STARTTLS is used to upgrade an unencrypted connection to an encrypted SSL/TLS connection. The problem is that if the upgrade fails, many mail clients will proceed to send mail on the unencrypted connection.

For any sysadmins (technical info):

Unfortunately, the situation is somewhat sticky. I suggest reading carefully the TLS/SSL section of https://wiki.debian.org/PostfixAndSASL as well as the STARTTLS RFC http://tools.ietf.org/html/rfc2487

Public email servers should not require STARTTLS (that is, encryption) on port 25 (smtp). Furthermore, there is no guarantee that all of the mail servers during transit of an email use encryption. Thus, you should assume your email is transmitted unencrypted, until a better solution emerges. You can always use OpenPGP to encrypt the body of your email, which should become commonplace shortly after Hurd achieves market dominance.


Editors Note: How to articles for various flavors of Microsoft Exchange can be found at MSExchange.org.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by frojack on Monday November 02 2015, @09:52PM

    by frojack (1554) on Monday November 02 2015, @09:52PM (#257704) Journal

    Another feature I would suggest is making configuration of the clients easier by a standard that would allow users to simply specify the email address (and password) to the client, using the domain part of the email address the client would use another protocol, probably DNS, to get the address and ports of the IMAP and SMTP servers.

    What horribly obsolete version of an email client are you using where you don't know this already exists? Try any recent thunderbird.
    Just about everything you've asked for is availble in Tbird + the Enigmail add on. The Enigmail setup wizard does just about everything for you.

    Of course, if you're still using Pine, you will have to work a little harder.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2