The World NEXT ends
Recent Entries
- Driving around Baton Rouge yes
- Looks notable: Google, Microso
- Perspective - Welcome to the t
- and the spinning is on... IBM
- Trying to work out what was mi
- Three points that Lotusphere,
- I, Cringley: IBM’s reor
- Domino customer? Please call I
- IBM’s POODLE TLS fixes f
- Rethinking Ray Ozzie
- Good! Communication on upcomin
- What IBM’s response to t
- I, Cassandra? If you’re
- Apparent (small) update from I
- Poor Domino users. For folks w
- Re: IBM Domino and SHA-1 / SHA
- Hey, IBM! While you’re a
- Google accelerates end of SHA-
- (Repost): IBM... PLEASE update
- Something was added in the lat
Blog Roll
Categories
Archives
- April 2016 (1)
- March 2016 (1)
- January 2015 (7)
- November 2014 (1)
- October 2014 (7)
- September 2014 (1)
- August 2014 (2)
- November 2012 (1)
- December 2011 (3)
- September 2011 (1)
- August 2011 (1)
- July 2011 (4)
- May 2011 (1)
- April 2011 (1)
- February 2011 (1)
- January 2011 (8)
- December 2010 (9)
- October 2010 (1)
- September 2010 (2)
- August 2010 (4)
- July 2010 (4)
- June 2010 (1)
- May 2010 (6)
- April 2010 (11)
- March 2010 (7)
- January 2010 (17)
- December 2009 (6)
- October 2009 (6)
- September 2009 (9)
- August 2009 (6)
- July 2009 (4)
- March 2009 (6)
- February 2009 (9)
- January 2009 (16)
- December 2008 (11)
- November 2008 (6)
- October 2008 (2)
- September 2008 (11)
- August 2008 (23)
- July 2008 (18)
- June 2008 (4)
- May 2008 (6)
- April 2008 (2)
- March 2008 (7)
- February 2008 (8)
- January 2008 (24)
- December 2007 (16)
- November 2007 (19)
- October 2007 (16)
- September 2007 (5)
- July 2007 (1)
- June 2007 (13)
- May 2007 (34)
- April 2007 (29)
- March 2007 (1)
- January 2007 (1)
Links
One of the things that's annoyed me is that even if both sides support STARTTLS, you can't easily tell if any given email has been transferred securely.
It looks like some big names (but not IBM) have picked up this banner recently and put in a draft to the IETF to address this:
This means that STARTTLS connections are vulnerable to man-in-the-middle attacks, where a hacker in a position to intercept the traffic could present the email sender with any certificate, even a self-signed one, and it will be accepted, allowing for the traffic to be decrypted. Furthermore, STARTTLS connections are vulnerable to so-called encryption downgrade attacks, where the encryption is simply removed.
The newly proposed SMTP Strict Transport Security (SMTP STS) addresses both of those issues. It gives email providers the means to inform connecting clients that TLS is available and should be used. It also tells them how the presented certificate should be validated and what should happen if a TLS connection cannot be safely negotiated.
These SMTP STS policies are defined through special DNS records added to the email server's domain name. The protocol provides mechanisms for clients to automatically validate these policies and to report back on any failures.
Details:----------
The Register
IETF group proposes better SMTP hardening to secure email. At last
http://www.theregister.co.uk/2016/03/22/ietf_group_proposes_better_smtp_hardening/
INFOWORLD
Google, Microsoft, Yahoo, and others publish new email security standard
http://www.infoworld.com/article/3046850/security/google-microsoft-yahoo-and-others-publish-new-email-security-standard.html
Craig Wiseman March 22nd, 2016 08:43:17 PM