[Cryptography] ISPs caught in STARTTLS downgrade attacks
Bear
bear at sonic.net
Thu Nov 13 14:01:21 EST 2014
End-to-end email encryption solutions such as PGP do not
protect crucial elements in the headers. STARTTLS was supposed
to do so but can only be run by the parties that run the mail
servers. Since most correspondents rely on mail servers operated
by their ISP's (and most ISP's block customer mail servers as
non-negotiable policy in order to limit spam sending) STARTTLS
was never practical for end-to-end use. The plaintext of STARTTLS
email is normally visible to the sender's ISP and receiver's
ISP.
Unfortunately, the ISPs do not risk substantial losses from
failures of STARTTLS and can subvert or fail to implement it
in ways not immediately visible to those who do. Predictably
some have therefore been subverting or failing to implement
it.
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
Sigh. One more round of "Internet Mail, Privacy Fail."
I'm increasingly of the opinion that there is no protocol
that can be derived from SMTP and compatible with it that
can provide the practical privacy of a paper letter in a
paper envelope.
Bear
More information about the cryptography
mailing list