SoylentNews is people

posted by martyb on Monday November 02 2015, @01:19PM
from the ask-and-ye-might-not-receive dept.

http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/

This isn't really new news, but improperly configured mail services result in lots of privacy holes across the Internet.

STARTTLS is used to upgrade an unencrypted connection to an encrypted SSL/TLS connection. The problem is that if the upgrade fails, many mail clients will proceed to send mail on the unencrypted connection.

For any sysadmins (technical info):

Unfortunately, the situation is somewhat sticky. I suggest carefully reading the TLS/SSL section of https://wiki.debian.org/PostfixAndSASL as well as the STARTTLS RFC, http://tools.ietf.org/html/rfc2487.

Public email servers should not require STARTTLS (that is, encryption) on port 25 (smtp). Furthermore, there is no guarantee that all of the mail servers during transit of an email use encryption. Thus, you should assume your email is transmitted unencrypted, until a better solution emerges. You can always use OpenPGP to encrypt the body of your email, which should become commonplace shortly after Hurd achieves market dominance.


Editor's Note: How-to articles for various flavors of Microsoft Exchange can be found at MSExchange.org.
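
The plaintext fallback described above can be refused on the client side. The following Python code is an added example, not part of the submission or the linked article: it uses the standard `smtplib` to deliver mail only after a verified STARTTLS upgrade. The `TLSRequired` exception, the function names, the addresses, and the local plaintext-only test server are all constructed for illustration.

```python
import smtplib
import socketserver
import ssl
import threading

class TLSRequired(Exception):
    """Raised instead of silently falling back to plaintext delivery."""

def send_requiring_tls(host, port, sender, rcpt, message):
    """Send only after a verified STARTTLS upgrade; otherwise send nothing."""
    context = ssl.create_default_context()  # checks certificate chain and hostname
    with smtplib.SMTP(host, port, local_hostname="client.invalid", timeout=5) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise TLSRequired(f"{host}:{port} did not offer STARTTLS")
        smtp.starttls(context=context)  # raises if the handshake or verification fails
        smtp.ehlo()  # capabilities must be re-read on the encrypted channel
        smtp.sendmail(sender, [rcpt], message)

class PlaintextOnlyHandler(socketserver.StreamRequestHandler):
    """Constructed test peer: an SMTP server that never advertises STARTTLS."""
    def handle(self):
        self.wfile.write(b"220 test.invalid ESMTP\r\n")
        for line in self.rfile:
            verb = line.strip().upper()
            self.server.seen.append(verb)  # record every command the client sent
            if verb.startswith(b"EHLO"):
                self.wfile.write(b"250-test.invalid\r\n250 SIZE 1000000\r\n")
            elif verb.startswith(b"QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"250 ok\r\n")

def demo():
    """Return (refused, commands the constructed server received)."""
    with socketserver.TCPServer(("127.0.0.1", 0), PlaintextOnlyHandler) as srv:
        srv.seen = []
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            send_requiring_tls("127.0.0.1", srv.server_address[1], "a@example.org",
                               "b@example.org", "Subject: test\r\n\r\nbody")
            refused = False
        except TLSRequired:
            refused = True
        srv.shutdown()
        return refused, srv.seen
```

Failing closed like this suits a client submitting to a relay it knows supports TLS; as the submission notes, a public server on port 25 cannot require STARTTLS.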

  • (Score: 3, Insightful) by Runaway1956 on Monday November 02 2015, @01:56PM

    by Runaway1956 (2926) Subscriber Badge on Monday November 02 2015, @01:56PM (#257486) Journal

    "which should become commonplace shortly after Hurd achieves market dominance."

    Huh?

  • (Score: 0) by Anonymous Coward on Monday November 02 2015, @02:42PM

    by Anonymous Coward on Monday November 02 2015, @02:42PM (#257516)

    I Hurd that on the grapevine.

  • (Score: 2) by Thexalon on Monday November 02 2015, @05:33PM

    by Thexalon (636) on Monday November 02 2015, @05:33PM (#257606)

    A geeky way of saying "When Hell freezes over", "When pigs fly", etc.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by DeathMonkey on Monday November 02 2015, @06:21PM

    by DeathMonkey (1380) on Monday November 02 2015, @06:21PM (#257622) Journal

    "which should become commonplace shortly after Hurd achieves market dominance."
    Huh?

     
    It's been a tough couple years since they finally released Duke Nukem Forever...

  • (Score: 0) by Anonymous Coward on Monday November 02 2015, @06:46PM

    by Anonymous Coward on Monday November 02 2015, @06:46PM (#257628)

    That is a reference to https://en.wikipedia.org/wiki/GNU_Hurd and that is the GNU project's kernel. It began development before Linux and still isn't stable. Part of the problem is the difference between microkernels and monolithic ones. But the other problems include the lack of man-hours by developers, the fragmented efforts (there are at least 3 kernels under the HURD banner that I can think of offhand, but most development is in GNU Mach) and the fact that systems are more complicated in order to get a "just works" result or higher security (see not only USB or WiFi but also PCIe and SSDs).