[Cryptography] Facebook on the state of STARTTLS

Phillip Hallam-Baker phill at hallambaker.com
Mon May 19 14:29:47 EDT 2014


On Mon, May 19, 2014 at 12:47 AM, Viktor Dukhovni
<cryptography at dukhovni.org> wrote:
> On Mon, May 19, 2014 at 12:35:51AM -0400, Eric Mill wrote:
>
>> https://www.facebook.com/notes/protect-the-graph/the-current-state-of-smtp-starttls-deployment/1453015901605223
>>
>> "We found that 76% of unique MX hostnames that receive our emails support
>> STARTTLS. As a result, 58% of notification emails are successfully
>> encrypted. Additionally, certificate validation passes for about half of
>> the encrypted email, and the other half is opportunistically encrypted. 74%
>> of hosts that support STARTTLS also provide Perfect Forward Secrecy.
>>
>> It's clear to us that STARTTLS has achieved critical mass and there is
>> immediate value in deploying it. We encourage anyone who has not already
>> deployed STARTTLS to at least deploy it for opportunistic encryption. As
>> more systems support email encryption, the value increases for everyone."
>
> Indeed, somewhat better than I expected at this juncture, but not
> entirely surprising given the current incentives for large providers.
>
> I am pleased they posted the report, and would like to see more
> reports like this going forward.  I am somewhat disappointed it
> appears to support the fallacy that somehow PKIX authentication is
> applicable to SMTP and thus applauds the fact that some SMTP servers
> throw away money on public CA signed certificates, when opportunistic
> TLS, or no TLS is required in their absence, and even their presence
> cannot usefully preclude active attacks.

Cost of a CA issued certificate = $50 /year [Comodo cheap SSL]

Cost of finding a PKI consultant = $2,000
Cost of a PKI consultant = $200/hr

[Above prices are typical, hiring me costs rather more]


Crypto expertise is expensive if you buy at retail prices. It is a lot
cheaper if you buy from a provider whose operations are designed for
scale.

For the same reason, folk whose DNSSEC obsession is kicking CAs out of
the market are on a hiding to nothing because the cost of a 3-day
DNSSEC course is about $3000. I can deliver DNSSEC to people who don't
know DNSSEC and have no interest in knowing DNSSEC for far less.
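To make the categories the Facebook report counts concrete (STARTTLS offered, verified versus opportunistic TLS, forward secrecy), here is an added example that is not part of the thread or of Facebook's measurement code. It parses an EHLO reply for the STARTTLS extension, classifies a negotiated cipher suite by whether its key exchange is ephemeral, and probes a mail host the way a verifying client would: PKIX validation first, then an opportunistic fallback so the result records which of the two actually succeeded. The EHLO transcript, the host names and the result set are constructed for illustration; `probe_mx` is the only function that touches the network and is not called by the offline parts.

```python
import smtplib
import ssl
from dataclasses import dataclass
from typing import Optional

# Constructed EHLO reply (RFC 5321 multi-line 250 response), not captured from any real host.
SAMPLE_EHLO = (b"250-mx.example.test Hello\r\n"
               b"250-SIZE 52428800\r\n"
               b"250-STARTTLS\r\n"
               b"250 8BITMIME\r\n")


def ehlo_extensions(reply: bytes) -> set:
    """Return the set of extension keywords advertised in a multi-line EHLO reply."""
    exts = set()
    lines = reply.decode("ascii", "replace").split("\r\n")
    for i, line in enumerate(lines):
        if i == 0 or not line.startswith("250"):
            continue  # first line carries the server's domain, not an extension
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())
    return exts


def supports_starttls(reply: bytes) -> bool:
    return "STARTTLS" in ehlo_extensions(reply)


def has_forward_secrecy(cipher_name: str) -> bool:
    """True when the suite uses ephemeral (EC)DH key exchange; TLS 1.3 suites always do."""
    name = cipher_name.upper()
    if name.startswith("TLS_AES_") or name.startswith("TLS_CHACHA20_"):
        return True
    return "ECDHE" in name or "DHE" in name


@dataclass
class ProbeResult:
    host: str
    starttls: bool
    mode: str                     # "verified", "opportunistic" or "cleartext"
    cipher: Optional[str]
    forward_secrecy: Optional[bool]


def probe_mx(host: str, port: int = 25, timeout: float = 10.0) -> ProbeResult:
    """Probe one MX: try PKIX-verified STARTTLS first, then fall back to opportunistic."""
    verified = ssl.create_default_context()            # system trust store + hostname check
    opportunistic = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    opportunistic.check_hostname = False
    opportunistic.verify_mode = ssl.CERT_NONE          # encrypt, but do not authenticate
    for mode, ctx in (("verified", verified), ("opportunistic", opportunistic)):
        try:
            with smtplib.SMTP(host, port, timeout=timeout) as s:
                s.ehlo("probe.example.test")           # hypothetical client name
                if not s.has_extn("starttls"):
                    return ProbeResult(host, False, "cleartext", None, None)
                s.starttls(context=ctx)
                cipher = s.sock.cipher()[0]
                return ProbeResult(host, True, mode, cipher, has_forward_secrecy(cipher))
        except ssl.SSLError:
            continue  # certificate rejected (or handshake failed); try the next mode
    return ProbeResult(host, True, "cleartext", None, None)  # offered STARTTLS, no handshake succeeded


def summarize(results) -> dict:
    """Aggregate probe results into the three percentages the report quotes."""
    n = len(results)
    encrypted = [r for r in results if r.mode != "cleartext"]
    denom = max(len(encrypted), 1)
    return {
        "starttls_offered_pct": round(100 * sum(r.starttls for r in results) / n),
        "verified_pct_of_encrypted": round(100 * sum(r.mode == "verified" for r in encrypted) / denom),
        "pfs_pct_of_encrypted": round(100 * sum(bool(r.forward_secrecy) for r in encrypted) / denom),
    }


# Constructed results standing in for a real probe run over four hypothetical MX hosts.
SAMPLE_RESULTS = [
    ProbeResult("mx1.example.test", True, "verified", "ECDHE-RSA-AES128-GCM-SHA256", True),
    ProbeResult("mx2.example.test", True, "opportunistic", "DHE-RSA-AES256-GCM-SHA384", True),
    ProbeResult("mx3.example.test", True, "opportunistic", "AES256-GCM-SHA384", False),
    ProbeResult("mx4.example.test", False, "cleartext", None, None),
]

if __name__ == "__main__":
    print("STARTTLS advertised in sample EHLO:", supports_starttls(SAMPLE_EHLO))
    print(summarize(SAMPLE_RESULTS))
```

The two-step probe is the point of the design: a result of "opportunistic" for a host that presents a certificate means the certificate did not pass PKIX validation for that name, which is exactly the distinction between the "certificate validation passes" and "opportunistically encrypted" halves in the report. Running `probe_mx` against your own MX hosts shows which bucket they fall into and whether the negotiated suite has an ephemeral key exchange.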
