
posted by martyb on Monday November 02 2015, @01:19PM
from the ask-and-ye-might-not-receive dept.

http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/

This isn't really new news, but improperly configured mail services result in lots of privacy holes across the Internet.

STARTTLS is used to upgrade an unencrypted connection to an encrypted SSL/TLS connection. The problem is that if the upgrade fails, many mail clients will proceed to send mail on the unencrypted connection.

For any sysadmins (technical info):

Unfortunately, the situation is somewhat sticky. I suggest reading carefully the TLS/SSL section of https://wiki.debian.org/PostfixAndSASL as well as the STARTTLS RFC http://tools.ietf.org/html/rfc2487

Public email servers should not require STARTTLS (that is, encryption) on port 25 (smtp). Furthermore, there is no guarantee that all of the mail servers during transit of an email use encryption. Thus, you should assume your email is transmitted unencrypted, until a better solution emerges. You can always use OpenPGP to encrypt the body of your email, which should become commonplace shortly after Hurd achieves market dominance.


Editor's Note: How-to articles for various flavors of Microsoft Exchange can be found at MSExchange.org.
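
The fallback described in the summary, as an added Python example that is not part of the original submission: a constructed loopback server (`start_fake_mx`, a hypothetical helper) either leaves STARTTLS out of its EHLO reply or rejects the command, and `deliver` (also hypothetical) shows an opportunistic client carrying on in plaintext while a client that requires TLS refuses to send.

```python
import smtplib
import socket
import ssl
import threading

def start_fake_mx(advertise_starttls):
    """Constructed loopback SMTP server for this demo; handles one connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            def say(text):
                conn.sendall(text + b"\r\n")
            say(b"220 mx.example.test ESMTP")
            for line in conn.makefile("rb"):
                verb = line.strip().upper()
                if verb.startswith(b"EHLO"):
                    if advertise_starttls:
                        say(b"250-mx.example.test\r\n250 STARTTLS")
                    else:
                        say(b"250 mx.example.test")  # STARTTLS never offered
                elif verb == b"STARTTLS":
                    say(b"454 TLS not available")  # the upgrade fails
                elif verb.startswith(b"QUIT"):
                    say(b"221 bye")
                    break
                else:
                    say(b"502 not implemented")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def deliver(port, require_tls):
    """Return how mail would leave: 'encrypted', 'plaintext' or 'refused'."""
    with smtplib.SMTP("127.0.0.1", port, local_hostname="client.example.test",
                      timeout=5) as s:
        s.ehlo()
        try:
            s.starttls(context=ssl.create_default_context())
            s.ehlo()  # re-read capabilities over the encrypted channel
            return "encrypted"
        except smtplib.SMTPException:
            # Offer missing or upgrade rejected; the cleartext reply is unauthenticated.
            return "refused" if require_tls else "plaintext"

if __name__ == "__main__":
    for offered in (False, True):
        for strict in (False, True):
            print(offered, strict, deliver(start_fake_mx(offered), strict))
```

The `require_tls=True` behaviour suits a client talking to its own submission server; as the summary says, public servers on port 25 should not require STARTTLS.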

  • (Score: 2, Interesting) by eravnrekaree (555) on Monday November 02 2015, @03:32PM (#257533)

    A big issue here is many email clients are simply garbage and that getting GPG to work is basically the domain of expert users, at least from my own experience, often involving installing obscure plugins to an email client, unintuitive design such as complex configuration settings and so on. The fact is if installing GPG in an email program involved more than one step users will not bother. I deal with common users all of the time and there is a general apathy regarding security and you tell them to install this plugin and that program and set a list of settings and it just flies right over their head and they keep on sending clear text emails. Many do not understand the security issues and why they should use encryption. The encryption should be enabled by default on all clients and work out of the box with no configuration. This is the only way to get your average user to start using it. Many email programs have no built in GPG when it should be a standard feature. Furthermore, it should work out of box with no configuration, however the user should be able to configure everything through the configuration settings if they want.

    Another feature I would suggest is making configuration of the clients easier by a standard that would allow users to simply specify the email address (and password) to the client, using the domain part of the email address the client would use another protocol, probably DNS, to get the address and ports of the IMAP and SMTP servers. Again, for many common users entering IMAP and SMTP addresses overly complicates matters and many will not get this step right or will see this as just too much to deal with and will keep on using web mail. Again someone should be able to manually set their IMAP and SMTP server values if they want, and have many custom server profiles, but it shouldn't be required. Obviously it's not a choice between making things easy for common users, and making things configurable and controllable for expert users, we can have both in the same software packages.

    This is software design 101. Software should be able to work out of box with reasonable defaults, but someone should be able, through configuration screens, to configure every aspect of the software if they want. Put lesser used expert settings deeper in the configuration dialogs, such as accessible by an expert settings tab or button.

  • (Score: 3, Interesting) by VanderDecken (5216) on Monday November 02 2015, @04:35PM (#257575)

    It is true that getting a working GPG implementation is too difficult for most users and MUA built-in support is mostly dismal. There is much traffic on various crypto mailing lists about how things could be improved to the point that "Johnny's grandma can do it". (Please avoid going off on a tangent re sexist or age-ist related rants, please.) The biggest problem seems to come down to key management, including how do you get Grandma to understand asymmetric keys, why they are important, how the halves differ, and how to manage them. And then there is the web-of-trust thing. Through many conversations I have yet to see a proposed solution that both protects the user and is understandable. (Most arguments seem to approach things either from the "hide details from most users" camp that makes it hard for someone to understand when there's a problem, or the "we just need a nicer UI with this New and Shiny Paradigm that uses an analogy that breaks down just when it matters" camp.)

    If anyone could come up with a decent solution, there'd be a lot of people interested in it. And I don't mean coding it, I'm talking about just being able to describe it all in detail, with extra points for non-functional mockups. I don't propose SN as the right medium for the conversation, though ...

    See also Why Johnny Can't Encrypt [usenix.org]

    Regarding not having to configure SMTP/IMAP options in clients: Meh. Given that there are no reasonable defaults for the username/password pair (and thus they need to be entered anyway), I don't think that having to enter the hostname is particularly onerous. Things like port numbers already have defaults and don't need to be entered. Should they default to using crypto? Probably. But overall, especially that it's a one-time thing, I don't see configuring your email client to be that much of a hassle. Probably the closest thing would be to define preferred SMTP and IMAP servers in the DHCP response payload, but in the world of mobile computing I would say that such information is going to be wrong more often than not, anyway. (About the only time it would be helpful is in enterprise deployments, and client configuration there is already a solved problem anyway.)

    --
    The two most common elements in the universe are hydrogen and stupidity.
    • (Score: 2) by frojack (1554) on Monday November 02 2015, @09:48PM (#257702)

      It is true that getting a working GPG implementation is too difficult for most users and MUA built-in support is mostly dismal.

      Not really. Thunderbird+enigmail has a wizard that walks you through the whole process.
      The hardest part is KNOWING about the need for it. Once you get beyond that it's easy.
      Tbird also knows about ports and servers for all large mail hosts. Give it an email address and it can suss out what the host, ports, and protocols are.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 2) by frojack (1554) on Monday November 02 2015, @09:52PM (#257704)

    Another feature I would suggest is making configuration of the clients easier by a standard that would allow users to simply specify the email address (and password) to the client, using the domain part of the email address the client would use another protocol, probably DNS, to get the address and ports of the IMAP and SMTP servers.

    What horribly obsolete version of an email client are you using where you don't know this already exists? Try any recent Thunderbird.
    Just about everything you've asked for is available in Tbird + the Enigmail add on. The Enigmail setup wizard does just about everything for you.

    Of course, if you're still using Pine, you will have to work a little harder.

    --
    No, you are mistaken. I've always had this sig.