[Cryptography] ISPs caught in STARTTLS downgrade attacks
andreas.junius at gmail.com
Thu Nov 13 16:17:53 EST 2014
On 14/11/14 05:31, Bear wrote:
> End-to-end email encryption solutions such as PGP do not
> protect crucial elements in the headers. STARTTLS was supposed
> to do so but can only be run by the parties that run the mail
> servers. Since most correspondents rely on mail servers operated
> by their ISP's (and most ISP's block customer mail servers as
> non-negotiable policy in order to limit spam sending) STARTTLS
> was never practical for end-to-end use. The plaintext of STARTTLS
> email is normally visible to the sender's ISP and receiver's
> Unfortunately, the ISPs do not risk substantial losses from
> failures of STARTTLS and can subvert or fail to implement it
> in ways not immediately visible to those who do. Predictably
> some have therefore been subverting or failing to implement
> Sigh. One more round of "Internet Mail, Privacy Fail."
> I'm increasingly of the opinion that there is no protocol
> that can be derived from SMTP and compatible with it that
> can provide the practical privacy of a paper letter in a
> paper envelope.
SMTP is a rather old protocol with a clear emphasis on research;
therefore all those headers that get extended on every intermediate hop.
The requirements for a message transport protocol were very different at
the time from what we need nowadays.
I agree that SMTP can't be fixed, because the old requirements are
contradicting the new ones. The darkmail alliance guys think the same
and they are designing something based on xmpp if I got it right.
I personally think, that's not the way to go. Companies might have
trouble to manage another port and protocol and an intelligence agency
has a clear target to tap on communication. I try therefore a solution
that uses REST via https: http://www.peemail.org/home/projects/pee/
It uses end-to-end encryption for all parts of the message and
additional encryption for client server communication. The advantage is
that there is no difference between, e.g. online banking or sending
messages. It's still not finished but it looks promising so far.
More information about the cryptography