Google, Microsoft, Yahoo Join Forces To Create New Encrypted Email Protocol

An anonymous reader writes: A group of independent security researchers and major Silicon Valley tech giants have submitted a proposal for a new email protocol called SMTP STS (Strict Transport Security). In theory, this new extension looks like the HSTS (HTTP Strict Transport Security) extension to HTTPS. Much like HSTS, SMTP STS brings message confidentiality and server authenticity to the process of starting an encrypted email communications channel. HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks. to avoid SSL/TLS downgrades and MitM attacks. The biggest names on the contributors list include Microsoft, Google, Yahoo, LinkedIn, and Comcast. Last year, Oracle also submitted a similar proposal called DEEP (Deployable Enhanced Email Privacy).

Storage

If the messages are not stored encrypted, what's the point? Private email sitting on Google/Yahoo servers is a much larger attack surface than email in transit.

Re:Storage

[Junta]

The storage of content and transmission of content are separate concerns. A standard protocol to cover transmission of messages should not be concerned with the storage of it.

Re:Storage

[MobileTatsu-NJG]

Yeah, I was going to say: If Google actually did do their job correctly they wouldn't be able to monetize GMail.

Re: Storage

Yes it should. In this case it is completely useless if it doesn't support encryped storage. But these companies love to invent useless stuff as long as they can fool the masses so it's no surprise. They don't have privacy or security in mind. Their primary focus is market-grabbing and ads.

Re:Storage

[The-Ixian]

Exactly.

Also, more to the point, I think this is more about *authentication* than it is about encryption.

But since strong encryption requires authentication for proper implementation, you get 2 birds for the price of one.

Re: Storage

[Z00L00K]

Encryption of messages is not prevented by this technology, it's two completely different uses.
  - SMTP STS is used for validating the server channel to prevent spoofed servers. It doesn't care about the message content.
  - Encrypted messages already exists and encrypts the message body, but that will require that both sender and receiver have exchanged some information. However these messages don't care about the channel used.

For best result you need both.

But I also see problems here:
  - the SMTP STS requires certificates provided by a Certificate Authority (CA), and lately it has been revealed that not every CA is especially good at handling this.
  - It will also require a good implementation of revocation of certificates.
  - The management of the certificates may be costly, both the certificate and the management of it.

Overall it will drive cost, and that may be what kills this idea.

Re: Storage

[Junta]

The transport doesn't support *any* concept of storage. It doesn't have to, that's why it's called transport.

Now you could say you should be using S/MIME or similar as it's more comprehensive end-to-end and secure transport is inadequate, but this is strictly a transport standard.

It's also a standard that can do something to mitigate risk to those who do not avail themselves of S/MIME.

Re:Storage

Well in any case, I certainly don't trust Google, Microsoft and Yahoo to handle security and privacy.

Re:Storage

I did not mean to suggest a transport layer standard should include provisions for storage. I was pointing out that this has nothing to do with the end user's security, because if it did they would be developing a standard for the storage of encrypted email.

Re:Storage

[kqs]

The problem with storing messages encrypted with a key that only you know is either:

* Every time you read a message, you have to enter the key. This makes reading mail painful on a desktop and almost useless on mobile.
* Or, a long-term key is stored so you can read the messages, in which case anyone who grabs any of your devices (either physically or with malware) can now decrypt all of your messages. This is still slightly safer than what we have now, but would not slow down government agencies or criminals much. "Bad Guys" don't break into Google; they grab your keys via phishing. and encrypted-at-rest won't help with that.

Re:Storage

[GuB-42]

Not really, Google servers are very secure. Unless you are a major government, there is probably nothing you can do there.
In transit, there are many vulnerable intermediates : WiFi and Ethernet can be sniffed, routers and DNS can be hijacked, ISPs can be compromised, etc...

Re: Storage

[TylerJWhit]

This is like saying that you don't need to lock your back door because the front door is locked. You have two targets of attack that BOTH need addressed. This is addressing one such target. That isn't to say that HOW emails are stored is irrelevant to these parties involved, but the purpose of this proposal isn't about putting a new lock on the proverbial back door, but on the front.

Re: Storage

[scdeimos]

You also missed that failure reports get sent to email address(es) listed in the rua=... parameter of the STS1 TXT record. Want to guess at what percentage of those email addresses will be handled by the target mail server as opposed to servers on alternate domains?

Re: Storage

No. This is like saying that the company that installs your locks should also hire private police force to make sure the neighborhood is crime free.
Both are important, but one is simply not the concern of the people responsible here.
Sure, you won't get secure email if it's stored in unencrypted form on random servers, BUT THAT IS NOT THE FUCKING ISSUE BEING SOLVED HERE. That is going to have to wait.

Re: Storage

[Rashkae]

That's the thing.. it's a solved problem,, has been a solved problem for over a decade. If only the big cloud players (MS, Google, Yahoo) got off their behiends and implemented encrypted e-mail that's relatively easy for people to use, that would be a *great* step in the problems being addressed here. Instead, they have to start re-inventing the whole transport protocol, while leaving the goldmine of data storage in the same sad 1980's shape.

Re: Storage

[pixelpusher220]

Your web pages aren't stored encrypted... But the transit is. Are you against HTTPS?

Re: Storage

Securing the keys is not a solved problem. And you cannot really do it over the web (anyone that tells you so is lying), not without some additional browser extensions and the use of some sort of safe key-holding device (smartcards with *LARGE* pins might do). The keys cannot get exposed either to the cloud *or* to the web browser(!)...

This is important...

[__aaclcg7560]

Yahoo Mail needs to have encrypted email. I haven't changed my password in 20+ years and probably won't for the next 20+ years..

Re:This is important...

[peragrin]

I haven't changed my gmail password in 10 years. I have turned on two factor authentication.

Re:This is important...

Right, because it would be a horrible shame if the address you use to suck up SPAM / Business Marketing Materials got broken into by a jihadist group. "This guy puts bacon andCanadian bacon on his pizza! And he shops eats at the Pit BBQ. Off with his head!

Re:This is important...

[__aaclcg7560]

[...] a horrible shame if the address you use to suck up SPAM / Business Marketing Materials [...]

I don't get spam on this account.

"Transport" != "end-to-end"

[QuietLagoon]

The emails are still in plain text inside the email servers en route, unless the email sender and recipient use end-to-end encryption.

Re:"Transport" != "end-to-end"

Do you even PGP bro?

Re:"Transport" != "end-to-end"

[fph+il+quozientatore]

The emails are still in plain text inside the email servers en route, unless the email sender and recipient use end-to-end encryption.

This. We need one-click client-side e-mail encryption, usable by everyone. Like PGP but without the key management complications and the scary mojibake added to the e-mail body.

Re:"Transport" != "end-to-end"

[Z00L00K]

Like in Thunderbird: "Encrypt this message" when you compose it.

You need to have a mail certificate, but that's no big deal except that you will have to pay for it.

Re:"Transport" != "end-to-end"

[castionsosa]

Symantec Encryption Desktop is pretty close. You can hit a key, type your key's passphrase, have the mail decrypted in the window. Kpgp is similar on Linux, although you do have to cut and paste with it. I can't see how it can get easier than that.

Re:"Transport" != "end-to-end"

Like PGP but without the key management complications and the scary mojibake added to the e-mail body.

The "scary" stuff added to the body got fixed around the turn of the century (or earlier?) with PGP/MIME.

And if you don't have key management, then you don't know how much security you have vs MitM, nor have any way to increase it. Yet even then (if as a layperson you don't want to think about keysigning stuff), you can already half-ass it if you want to, by trusting various not-really-untrustworthy "robot CAs." The result would be laughably bad, but at least it's about as good as how the keys are authenticated for HTTPS on the web, and most laypeople think HTTPS-with-padlock-icon is good enough, so.. good enough.

So basically, you're talking about something that you already have, aren't you?

Re:"Transport" != "end-to-end"

Transparent email encryption would be ideal; key management is a problem - either a) personal management is taxing on an individal or they get lazy or b) central RAs are somewhat spendy for typical Internet usage.

Email was simple, and that's how spamming propagated so quickly.

Re:"Transport" != "end-to-end"

[nine-times]

You're right, but the problem is that the "key management complications" are very hard to get rid of.

The problem with end-to-end encryption is that normal people can't be trusted to manage encryption keys. But then there are only two options: either you manage the keys, or someone else manages them for you. If someone else manages them for you, then whoever is managing the key also has access to your email. If your email provider is managing your keys for you, then your end-to-end encryption scheme is not meaningfully different then those messages being unencrypted on the server-- either way, you're entrusting your mail provider to secure the messages.

Personally, I think we need a new breed of identity management providers, SSO solutions, etc. Overall the way we handle encryption certificates and passwords is absurdly primitive.

Re:"Transport" != "end-to-end"

[swb]

If you don't have key management complications you have certificate trust complications.

You could do public key directories (is there still a PGP directory?), but then you have trust questions about keys retrieved from a directory, which leads you back to key management issues.

Re:"Transport" != "end-to-end"

It's really annoying how so many people who really truly ought to know fucking better don't seem to get the difference between "copy & paste" and "cut & paste".

Re:"Transport" != "end-to-end"

[AmiMoJo]

I agree, but this is still really worth doing. It's a reaction to government and ISP surveillance. It prevents data collection on backbones and via router taps.

Re:"Transport" != "end-to-end"

[jez9999]

but that's no big deal except that you will have to pay for it.

lulwat?

Re:"Transport" != "end-to-end"

[Z00L00K]

Well, like $15 to $20 for a year or so... Depending on which CA you use.

Re:"Transport" != "end-to-end"

[QuietLagoon]

...but this is still really worth doing...

Agreed.

Finally

[Xabraxas]

Email is the backbone of most businesses and it is a horrible insecure mess. Maybe people will finally be able to email secure information easily. Email is easily one of the biggest compliance issues because of how insecure it is.

Re:Finally

[Lumpy]

Use one of the thousands of encryption system and encrypt your email. Cripes this has been possible for well over 2 decades now.

Re:Finally

[FlyHelicopters]

How do you send email to random people encrypted?

Your solutions work for internal email, but not external. The idea is to make all email secure.

Re:Finally

[unrtst]

Maybe people will finally be able to email secure information easily.

Which has nothing to do with SMTP STS.
SMTP STS does not provide message integrity, privacy from any SMTP servers along the path, data security, nor authentication.
That said, SMTP STS seems like it's a good addition to the existing transport security.

The post title is, IMO, misleading. This isn't really a new email protocol, it's an extension to the existing protocol. Your email is not encrypted; your traffic is encrypted, and potentially only for part of its transit. While it is attempting to provide some level of assurance that the traffic is always encrypted between systems, it can not enforce that within ones network (ex. mail hits company external SMTP gateway, STS is done there, gateway passes it in plain text to local antivirus system, which passes it to local spam filter, which passes it to internal mail gateway, which routes to internal mail storage for the destination user, then the user gets it via a secure or insecure channel).
It does ensure that between you and your providers SMTP server there is encryption (which you could already ensure), and that between your provider and the destination server, as defined by the destination MX record, there is encryption. That's a nice bonus, but it doesn't completely solve the "horrible insecure mess".

Re:Finally

[sexconker]

How do you send a web page to random visitors encrypted?

A: You don't.
B: You both use software utilizing an agreed-upon (and shitty) cert system that automates key exchange.
C: You transmit keys securely (NOT ON THE INTERNET) before hand (for random visitors, see option A).

Re:Finally

[rahvin112]

You don't because you can't. Public key Encryption requires the exchange of encryption keys, the only other kind of crypto is the kind that requires that a secure encryption key be swapped. Neither method is conducive to blindly sending email to a random person.

To do what you want you need a closed system with strict exchange profiles, a large keyring that's replicated to every device and you absolutely can't let any Jack and Jill run servers. It needs to be highly centralized to work. In every regard this is not how email works. For what you want to happen you need something other than email. Trying to shoehorn email into this role is stupid.

Re:Finally

[Lumpy]

You seem to not understand encryption.

Freely publish a public key. Step 2; there is no step 2 as anyone can now send me encrypted mail that I can decrypt using my private key.

Re:Finally

[swb]

Freely publish a public key. Step 2; there is no step 2 as anyone can now send me encrypted mail that I can decrypt using my private key.

I know (and love) several people who do tinfoil hat shit like carrying their cell phones turned off in foil bags or refusing to even own a cell phone.

I've tried everything possible to get them to use PGP, including installing the once-free-to-use version that integrated well with Outlook Express on their computers. One's a PhD in history, the other has a BS in mechanical engineering, so neither is stupid and one is very technically adept but neither one can put the effort into actually using PGP.

And they both end up sending me horrible emails that really ought to be encrypted lest whoever's reading them think I'm tied up in their crazy ideas or take them too seriously.

The rest of the world with less technical sophistication and way less sense of paranoia? Forget about it. It's too much effort to find the right software and make it work.

Re:Finally

[sexconker]

No, you seem to not understand. You have described option B. PGP and the like are broken because of the concept of trust.

You can't just publish a public key and call it done. Someone wishing to send you something needs to know that the key does, in fact, belong to you. PGP dreams of a a web of trust. It hasn't happened, and likely never will, as we've seen the "trust"model fail spectacularly in every implementation.

Even if you trust the algorithms used in your public-key crypto (a terrible decision, in my mind, given the revelations about RSA), you still need a way to assure the user that the public key is yours. This necessitates a secure channel. Trust chaining / webs and degrees of trust are failed concepts, and every other public method of verification is prone to attack, including the only one anyone actually uses (publishing their public key on their blog).

"Trust but verify" is the new lingo that "experts" repeat over and over. But if you're going to verify, there's no need to trust. For PGP and similar, if you're going to verify someone's public key, like you're supposed to, you may as well take that same opportunity set up a symmetric key instead, since the algorithms are likely more secure. If you don't, you end up with all the problems we have today - users trusting untrustworthy keys, other users vouching for those keys and causing that misplaced trust to spread, and the inability of user to communicate securely and easily.

These are very old problems, and we have no new solutions. You simply can't trust a public routing network, thus you can't use any piece of it to establish trust.
Meet physically and exchange keys, secret handshakes, or conversations about how the weather on Wednesday will be wet, though the skies on Friday will be clear. Further, in my proudly-paranoid opinion, you should not trust any of the public key algorithms.

Re:Finally

[FlyHelicopters]

You seem to not understand encryption.

I understand it perfectly well.

Freely publish a public key.

How do I know what you "publish" is really from *you*?

How do I know what is posted on some web site is not injected with man-in-the-middle attacks replacing the key with someone else's?

And where do I find such a "freely published key?" Random poking around?

Step 2; there is no step 2 as anyone can now send me encrypted mail that I can decrypt using my private key.

As Apple has so clearly shown, if it isn't default and automatic, people won't use it. Apple now sets all phones to be encrypted by default. Without that option, people wouldn't use it.

Unless the key exchange is completely automatic requiring zero effort to either "publish" a key or to "use a key", then it will never happen.

Manual options have existed for a very long time, but the bulk of everyone will never use them.

We are all going to simply have to trust someone to hold keys. I trust Google well enough, at least in so far as I don't think Google Chrome is going to steal my bank password or my money. I trust Bank of America with my info (and money), I don't worry that they are criminals (at least not in the "steal your money directly" sort).

Obligatory XKCD

The competing standards one.

It's about time

[MAXOMENOS]

Generating fake email that's good enough to pass most humans' scrutiny is ridiculously easy; I used to do it as a prank, to prove a point about why we need to use GnuPG signatures all the time.

Re:It's about time

[Junta]

GPG and/or S/MIME would address your concern, but this proposal would not.

This is basically using TLS more properly in SMTP, which in and of itself is good, but far from adequate.

Here is the tricky thing about TLS: it works well in theory for user-service interactions (e.g. I care I'm talking to 'onlinebanking.bigbank.com'), but not as well for messaging (I'm not conversing with a server, whose identity is hidden away in the headers, I'm conversing with whatever is in the 'From/To/CC/BCC' fields, and those are the folks I care about authenticating)

Will it come complete with...

[evolutionary]

A back door for the email providers and easy access for FBI/CIA?

Re:Will it come complete with...

given the companies in the consortium that are writing the code, I believe the answers to that are:

  a) yes

b) somebody is already inside at these places ready to do the dirty work

If you don't believe that, you are a babe in the woods: turn in your Geek card and GTFO my internet.

Solved problem?

[castionsosa]

What does this give over the existing protocols, other than using TLS? It looks like once the E-mail is received by the client side, it is stored decrypted, so it only solved a part of the problem.

What is so wrong with getting people to use a standard like S/MIME or OpenPGP, which truly secure messages, regardless if it is in-flight, sitting on a hard disk, or sitting on a spool file on a relay? The advantage of OpenPGP is that it functions independently of the messaging protocol, so security is assured, even if there is no other encryption in any part of the chain, other than the endpoints.

Re:Solved problem?

[Junta]

It could be considered a protocol to negotiate use of TLS more securely.

S/MIME and OpenPGP would be more thorough solution to the problem.

Re:Solved problem?

[ADRA]

It also requires peer key exchange, which introduces burden. With burden comes 'simplified' services that do the key exchange for you, then you get back to where we are now (or at least if a shared conduit exists). There are only a very limited number of people who are willing to go to such lengths to guarantee secrecy (from everyone). You -could- use publicly signed key exchanges like Verisign, but but cost would generally kill mass adoption.

This isn't a new problem and you can always read more about it in https://en.wikipedia.org/wiki/... though I'm sure you're well aware.

Re:Solved problem?

[castionsosa]

If it does this, this is useful. I know with Exchange, I ended up setting up TLS connectors manually between sites that were in constant communication with each other. This way, anything going from foo.com to bar.com and back would be encrypted. Having this new standard will make life easier, because making connectors between sites would not be as important.

I just wish someone can address endpoint encryption. TLS has been constantly updated, while S/MIME and OpenPGP are pretty much untouched since their millennial introductions, and endpoint encryption is something that should be considered as a core security tool. Even having S/MIME sign all documents seems like something only I seem to do, but it has saved me in the past come audit time.

Re:Solved problem?

[jader3rd]

What does this give over the existing protocols, other than using TLS?

SMTP has a problem where the optional "I want a TLS connection" bit can be stripped out. Some ISP's (name Verizon) are known to do this. So if a non-SMTP protocol is used in the first place, the ISP can't strip out the optional bits.

What is so wrong with getting people to use a standard like S/MIME

From earlier Slashdot posts I remember people sharing experiences of having their entire team using S/MIME, but then when Android came out, it didn't support S/MIME, so everyone turned it off and nobody noticed. The idea behind S/MIME is that if I receive an email from castionsosa and it has a little badge next to it, I can be assured that it's from castionsosa, and if the badge isn't there I'm supposed to be suspicious. Guess what, no humans notice when the badge isn't there; so S/MIME isn't solving the problem it was meant to solve. If anything an end user is annoyed by having the odd email having a badge displayed in the client.

Re:Solved problem?

[Z00L00K]

The point is that this will identify the sending server, and that may allow you to block all servers not identifying themselves, spoofing another server or using revoked certificates.

TLS is just encrypting the channel between servers to prevent sniffers to see the clear text data and possible passwords used to authenticate SMTP sessions.

S/MIME or OpenPGP "only" protects the message itself and provides a way to validate the sender of the message. You may of course configure your server to validate all messages and bounce any S/MIME message that isn't having the correct signature as well as clear text messages. Just be aware that in S/MIME the headers are always in clear text so you may be careful about what you have in the subject line.

Re:Solved problem?

[unrtst]

Compared to existing TLS, it ensures the hop between your providers systems and the destination MX is also done over TLS.

As far as I am aware, S/MIME and OpenPGP do not do PFS (perfect forward secrecy). Doing so would be difficult because they would need some way to exchange the ephemeral key, and there is no direct handshake.

This means someone can intercept your S/MIME/CMS/PGP/GPG/etc encrypted message and deploy brute force attacks on it if they can intercept it in transit. The addition of SMTP STS will greatly reduce that possibility as the hop between providers can be verifiably ensured to be TLS encrypted (hopefully over a protocol supporting PFS). Your message could still be snagged at rest on any system along the path, or on the path within the destination network, but this reduces the area of attack.

Re:Solved problem?

[SumDog]

I think the problem this is trying to solve is that mail relays transmit information to both TLS and plain-text SMTP without any verification. I mean, most MTAs will deliver to SMTP servers that have invalid, self-signed and expired certificates. But yes, I don't see how this changes anything unless all MTAs implement it....and we could just do that by turning on strict for TLS (and watch 50%+ of your e-mails no longer get through)

Re:Solved problem?

[unrtst]

The idea behind S/MIME is that if I receive an email from castionsosa and it has a little badge next to it, I can be assured that it's from castionsosa, and if the badge isn't there I'm supposed to be suspicious. Guess what, no humans notice when the badge isn't there; so S/MIME isn't solving the problem it was meant to solve.

That's not entirely accurate.
What an S/MIME signature is supposed to solve is to provide evidence that:
a) the message was from that sender (or someone with his private key), assuming you trust the cert CA and his public cert didn't just change
b) the message has not been altered in transit

If someone along the path the email travels (for example, the spam filter or virus filter) modifies the message (ex. strips out the attachment or adds a "sent via iSomething" phrase at the end, or maliciously alters the message text), then the badge will be broken and you will get a big alert.

I've seen that catch naughty mail servers a few times, though I haven't seen it catch anyone malicious (probably because I'm not a very important target).

However, the problem you noted is very similar here. When I did have signing problems, lots of people were getting emails from me with a bad S/MIME signature, and no one was complaining about it! Everyone should have reacted strongly to the big red banner that outlook was showing them. I don't even think this is an awareness problem - people just don't care.

Correction

I like that mods actually took their time to edit a description for once, but there's a mistake.

"The new protocol also works with HTTPS" should be "works like HSTS".

The original text from the recent submissions page was technically accurate.

But yeah, since Microsoft, Yahoo and Google joined forces, this almost guarantees the standard will be approved. Once you get the three major email providers to agree on something, it's almost as done.

some good things about insecure

[supernova87a]

I have the contrary opinion that the threat of your emails being hacked or exposed does at least one good thing:

It forces people to think a bit more carefully about the things they say/write (and read) over email, and makes people communicate a bit more formally in that medium. When someone starts relying (or incorrectly believing) that email contents are totally secure and private, you get in trouble and start writing/saying things you really shouldn't.

Re:some good things about insecure

To get people communicate a bit more formally in emails, it would be possible if every email provider would not do top posting, and by that handle email like a "chat".

Re:some good things about insecure

[iggymanz]

big problem is that email is now the replacement for the fax machine for many legal purposes

Don't blame email!

[s.petry]

I get really tired of this, because it's completely backward and wrong. Email is fine, and it does exactly what it was intended to do. Route messages from source to destination. People like you want email to be something different, but always arbitrary because there is no solution which works to encrypt out of the box which can not be tampered with. You want secure, that's fine but don't make an insecure protocol for mail routing the answer.

Use email for email. Attach encrypted files using what ever format you want, and you have control of the encryption. Stop demanding that generic "email" does it all for you, because if you trust any of the companies listed in TFA to give you bullet proof security, you are a tool.

Re:Don't blame email!

[Dutch+Gun]

The current e-mail protocols were designed at a time when everybody on the internet was expected to play nice. It could use an upgrade for today's significantly more hostile environment. There's really no reason we shouldn't have an upgraded protocol with more security and better authentication built in.

Nothing against the brilliant minds that created some of these early protocols, but they simply couldn't foresee some of the modern security and privacy issues the current internet has to deal with. We've also learned a thing or two about encryption and secure protocols in the last few decades, and upgraded protocols accordingly, right? I think it's a good time to try to introduce an upgraded e-mail standard. Whether it takes hold or not is a question, but with some of the big names apparently behind it, I don't see why not.

BTW, if you're going to reject out of hand a proposal for a new standard because of the names of the companies involved, then you're not thinking things through clearly. This would be an open standard, meaning it's possible for security specialists to vet and declare the protocol safe and secure, just like we do with TLS and other modern protocols. It seems like it would be rather tricky to hide secret backdoors in an open standard.

Re:Don't blame email!

[s.petry]

Analogy time, sorry I could not think up a car analogy..

The current public transit systems were designed at a time when everyone on the system was expected to play nice. All over the world these systems are now dangerous, so must need to be redesigned. You left your wallet sitting on the shelf and someone stole it, it must be the system's fault. You were nekked and someone took photo's of you, must be the system's fault. They blackmailed you with the photo's, has to be the system's fault too. You were on speaker phone and gave the operator all your personal information and someone stole your identity, must be the system's fault. You were just sitting there minding your own business and some guy tried to sell you stuff you didn't want, the goddamn public transit system is bad!

Do you see how poor your logic is? You are blaming a PUBLIC TRANSPORT for how it gets used, but that's not the worst part. You also put things on the transport about it being visible and actions that come from that.

Banks and Governments use armored cars with extremely complex schedules to transport things like money and they don't put things on the public bus system. That is an intelligent and intentional decision that perhaps you need to think more about.

Re:Don't blame email!

[bondsbw]

Same thing would apply for HTTPS, wouldn't it?

"HTTP is fine, and it does exactly what it was intended to do. People like you want web servers to be something different, but always arbitrary because there is no solution which works to encrypt out of the box which can not be tampered with. You want secure, that's fine but don't make an insecure protocol for web serving the answer. Stop demanding that generic "web browsing" does it all for you, because if you trust any of the companies listed in TFA to give you bullet proof security, you are a tool."

Re:Don't blame email!

[Dutch+Gun]

By your argument, we shouldn't be using our current e-mail protocols for anything requiring security of any sort, and I absolutely agree, but that's not the reality of the world we live in. Everyone has need of a secure messaging protocol on occasion, not just commercial institutions. What happens when you reset your password to nearly any web site that requires a secure login? Yep, you get sent a reset code or link by e-mail, right in the clear, which is used to authenticate that you're the owner of that account. What open, universal, secure messaging alternative do we have for this sort of thing? There's clearly a need for it.

If we now understand how to do a better job of securing e-mail and why doing so is a good thing, is there a reason not to? I'm afraid I just don't really understand your apparent opposition to a more secure e-mail protocol. Did you fervently oppose HTTPS as well, accusing people of "blaming HTTP" for trying to do things with it that it was never designed to do? This seems rather analogous to me.

Re:Don't blame email!

[s.petry]

Facts and logic, use them! If my argument is wrong demonstrate where I am wrong and provide a better argument. I don't care about feelings, I care about facts and logic (which often run counter feelings). The world you claim to be frightening is the same world that existed when SMTP was first established. The only difference is that people like you demand that security for you is more important than freedom for everyone else.

You don't like SMTP don't use it! Go make your own protocol and have a great time sitting by yourself on your internet island!

Re:Don't blame email!

[Dutch+Gun]

You don't like SMTP don't use it! Go make your own protocol

/facepalm. That's what we're discussing here.

Re:Don't blame email!

Well, you present no facts and fail to make a logical argument.

The analogy you do make is either a red herring or a straw man depending how charitably one views the undefended assumption that email and public transportation have any relevant similarities.

It is a fact that phishing attacks exist. It is also a fact that similar problems in other communication channels have been mitigated by https and similar protocols that are newer than email.

From that it is easy to conclude that an updated email protocol that leveraged advances in authentication and security could lessen the risk of successful phishing attacks via email.

Re:Don't blame email!

[bmk67]

Facts and logic, use them! If my argument is wrong demonstrate where I am wrong and provide a better argument. I don't care about feelings, I care about facts and logic (which often run counter feelings). The world you claim to be frightening is the same world that existed when SMTP was first established. The only difference is that people like you demand that security for you is more important than freedom for everyone else.

You don't like SMTP don't use it! Go make your own protocol and have a great time sitting by yourself on your internet island!

Responding to the bolded part.

Right. Are you seriously claiming that the internet of 1982 is the same as today, and that the threat model is the same?

Facts and logic, indeed.

Re: Don't blame email!

Fuck you moron.

Re:Don't blame email!

[rtb61]

I think the snail mail analogy is by far more appropriate. So for snail mail a simple envelope, nothing more secures it because there are real penalties for interfering with it https://www.law.cornell.edu/us.... So for electronic mail, simply enact the same laws and provide a simply concretion envelope. The mail identities it source and it's intended recipient and if you get it by mistake simply forward it on to authorities for redirection or inform the sender and delete it. Open it when you are not the intended recipient and you break the law and you have to identify yourself when you open it and acknowledge that with the sender. These laws would impact all email providers and force them to respect the privacy of senders and receivers by law (five year penalty for all players involved in breaking those laws). You bet email will become real secure real quick if a prison sentence is involved when you invade people's privacy.

Editorial mistake...

[Junta]

The new protocol also works with HTTPS to avoid SSL/TLS downgrades and MitM attacks.

The article says:

HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks.

HSTS != SMTP STS, though they are similar.

Re:Editorial mistake...

Yeah, it was pointed out before. The mod made a mistake in editing the submission's description. The original submission is more clear: https://slashdot.org/submissio... Didn't made any sense to me either, until I read the original article.

Re:Editorial mistake...

Yeah, the Softpedia article makes more sense than the summary... don't know who wrote it, but he got twisted in all the acronyms

Encryption to email!

Please, PLEASE PLEASE PLEASE!

Make the whole email (outside of the headers) encrypted!

This time really do the requirement so that no one else can read than receiver....

Oh, Google/Microsoft/Yahoo and their reason to read every email and build complex profile of the account by using "anti-spam/phishing/malware" filtering as excuse, at least Google says directly that they use that build profile as well to show ads to you!

Re:Encryption to email!

[Z00L00K]

S/MIME is your answer.

Data Links should not be vulnerable.

[Etherwalk]

http://www.slate.com/blogs/fut...

http://arstechnica.com/tech-po...

corps create appearance of security not reality

[sittingnut]

big tech corps are interested in creating appearance of secure and private communication to all, that it also usable without effort on our part. but this is impossible to achieve.
if we want to be secure and private, we have to do it ourselves and spend some time and effort to get a solution that will suit us. for most email we probably don't need that, but when we need it, we have to spend resources to achieve it.
don't expect, or trust, big tech corps to provide it.

Why isn't AOL participating?

[SethJohnson]

Was disappointed to see AOL absent from this list of email provider collaboration. But not surprised.

Re:Why isn't AOL participating?

Give them about 2-3 years. Verizon will get around to it.

How about we create a new standard WITHOUT TABLES!

As someone who has to code a few email newsletters a week, how about we create a new email standard with attached assets like stylesheets and images, and that conforms to HTML5 and CSS3?

Right companies for the job

Stellar reputations in security and in always doing what is best for the end-user. Every. Last. One. Of. Them.

Can I setup my own e-mail server?

[SumDog]

Will this standard allow me to setup my own e-mail server and Google/Microsoft not silently drop all my messages? Because that's the biggest problem with e-mail right now. I wrote a post on it a while ago:

http://penguindreams.org/blog/how-google-and-microsoft-made-email-unreliable/

Re:Can I setup my own e-mail server?

It's not just you. I do contract IT, and the vast majority of my customers can't send mail to hotmail (or whatever Microsoft calls it these days) or gmail. It's a huge barrier for start-ups. Amazon SES fixes most of the problems, but most of my customers don't want to spend the money on it.

Re:Can I setup my own e-mail server?

[kqs]

That link implies that email was reliable at some point. It has never been reliable, has only ever been best-effort, and when it fails it requires wizardry and chicken entrails to determine the problem. I was in charge of email for my organization from 1993-2010, and it was the most thankless job imaginable (except, maybe, for printer admin).

I don't have much experience with hotmail/outlook.com, but gmail has been far less likely to stop spam without blocking valid email than anything I could deploy at my own organization or anything that most other organizations can deploy. That whole blog post sounds like someone who has no idea how email started, evolved, and now works, and just likes blaming the "big companies" for universal problems. It should not be held up as an example of anything but uninformed opinion.

Re:Can I setup my own e-mail server?

[toonces33]

It is more a deficiency of the underlying protocol than anything else. Spam and malware delivered by spam has become so pervasive that lots of people have given up on the thing. It wasn't that long ago that you could find open relays (perhaps there still are some out there), which permit anyone to send an email as anyone else.

And then there is the malware that hitches a ride on top of the automation interfaces that Microsoft has so generously provided. So once you get infected, your own machine starts sending out spam - all through your normal Exchange server.

I wouldn't fault the people who originally designed SMTP - back in the day, it served the purpose. But it was never replaced with something that had some level of authentication, so that when you get an email that says it is from a certain person, that you could have been sure that it is really from that person. And I get it - this is an extremely hard problem to solve in the general case, which is why nobody ever was able to do it.

In the meantime you have people communicating via Faceplant instead - in this case, you actually do have authenticated users sending messages to each other (at least until one of them gets malware that hijacks the browser to send facebook spam).

In the past, I have wondered whether we are seeing the death of the internet as we know it as it gets choked with more and more spam, malware, botnets, and other useless things. And by this I don't mean that people stop using it - just that people will retreat back into walled gardens, where they perceive that they are safer from these things.

Re:Can I setup my own e-mail server?

[The-Ixian]

When I did contract IT, I would always set up smart hosts, preferably Postini (now rolled into Google apps) or Securence (US Internet) but, in a pinch, I would use their ISP's mail server.

If they absolutely had to run their own mail server I would tell them that they required:

- Business class Internet connection
- Static IP
- Reverse DNS to match the forward DNS

If they didn't want to opt for any of those... well, I would still set up their mail server but made it clear that some e-mail was going to be rejected.

It isn't the '90s anymore. You cannot run your own e-mail server out of your basement and expect it to work 100%.

Re:Can I setup my own e-mail server?

> Reverse DNS to match the forward DNS

Worked with Comcast for at least fifty different customers, and not a one of them has reverse DNS setup correctly. For my own business, I've had the same IP addr with Comcast for over a decade, and it still points to the previous customer that used my address over a decade ago. Proper reverse DNS just isn't reliable when it comes to companies that don't do Internet access as their main business, like a cable company, where it is only part of their business so they don't hire competent people. Before Comcast was granted their local monopoly, I never had any trouble getting any of the local ISPs to setup reverse DNS the same day.

Re:Can I setup my own e-mail server?

I never had any trouble getting any of the local ISPs to setup reverse DNS the same day.

Ahh, the good old days when you were able to buy from a real ISP instead of a company that doesn't specialize in Internet access. At least you have the option of buying from Comcast. Where my company is in downtown Seattle, our only reasonably priced option is dual T1s. Of course they're ultra-reliable, but we need more bandwidth. Plus, I think we're paying about ten times as much as Comcast charges for ten times the bandwidth.

And, my reverse DNS is setup correctly. Level 3 had it setup before the first T1 was even installed.

Gibberish in summary

The new protocol also works with HTTPS to avoid SSL/TLS downgrades and MitM attacks.

What? That makes no sense at all. Let's read the article!

In theory, this new extension looks like the HSTS (HTTP Strict Transport Security) extension to HTTPS. Just like HSTS, SMTP STS brings message confidentiality and server authenticity to the process of starting an encrypted email communications channel, just like HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks.

Oh, that makes sense. They're comparing SMTP strict transport security to HTTP transport security and saying that it prevents downgrade attacks, not that it works with HTTPS to prevent downgrade attacks.

Re:Gibberish in summary

The original submission was correct. The mod edited it: https://slashdot.org/submission/5694039/google-microsoft-yahoo-join-forces-to-create-new-encrypted-email-protocol

Re:How about we create a new standard WITHOUT TABL

[The-Ixian]

I feel bad for you.

e-mail marketing is barely 1 step above straight spam.

If I had it my way, e-mail would be text only or implement some form of markdown

If you want to have fancy formatting, throw up a web page and go nuts, then send a non-shortened link by e-mail if you absolutely must.

PGP, since 1991. key servers. If people cared

[raymorris]

> How do you send email to random people encrypted?
> Your solutions work for internal email, but not external.

This problem was solved in 1991, in terms of the technical implementation and protocol. The "problem" is that few people care about receiving encrypted email, so they don't publish a key to use for sending them email. Maybe if email clients made it super-easy more people would do it.

Here's a brief description of how PGP/GPG works. Wherever I publish my email address, I also publish my public key, which I generated. To send me an email, you can either use my address and my public key, or you can let your email client retrieve the key for you, from a key server. Since the email is encrypted with my public key, it can only be decrypted by my private key.

Personally, I publish my public key on the "Contact Us" page of my web site and on the public key servers.

The protocol works fine. The problems are that email clients don't make it super-easy for you to generate and publish a key, or to send PGP email using the recipient's key. That's a UI problem, not a protocol problem.

Re:PGP, since 1991. key servers. If people cared

[kqs]

Personally, I publish my public key on the "Contact Us" page of my web site and on the public key servers.

Sounds good. For extra safety, I'll also publish "your" private key on the public keyservers. Should be fine, I'm sure everyone will check your web site before sending email to you.

I love PGP, and for 15+ years every email I sent was PGP-signed. But I doubt if a single person ever checked the signatures. PGP's key management is useless; the web-of-trust doesn't scale and is easily compromised. CAs can also be compromised but are at least scalable,

Re:PGP, since 1991. key servers. If people cared

[FlyHelicopters]

This problem was solved in 1991, in terms of the technical implementation and protocol.

You are confusing the technical solution with the practical end-user solution.

The "problem" is that few people care about receiving encrypted email, so they don't publish a key to use for sending them email. Maybe if email clients made it super-easy more people would do it.

That will never, EVER happen. If people have to "publish" a key manually, then you can just forget it.

Personally, I publish my public key on the "Contact Us" page of my web site and on the public key servers.

See above. You completely and totally miss the point. If I have to track down a web site, or Google+ page, or Facebook page, and manually copy or use a key from there, you might as well toss the whole idea in the bin.

If it isn't automatic, then it doesn't exist for 95%+ of computer users.

Re:PGP, since 1991. key servers. If people cared

[edtice1559]

Signing and encryption are entirely different beasts. I hope I'm not being a pedant, but we really should be clear here and I'm not entirely sure what you're saying.

Re:PGP, since 1991. key servers. If people cared

[kqs]

What I'm saying is "PGP is not useful for the masses because PGP's key management is useless".

If you look on the public keyservers and you see three keys for an address, you have no way of knowing which (if any) belong to the person without lots of research and guessing. People forget their passwords for online accounts all the time; if all email were encrypted, then forgetting the password for your key means you lose all past email forever and don't have a good path to say "stop using that old key, use this new key, and you can trust this statement".

CAs suck slightly less than web-of-trust, so in theory x509 mail signing would be more usable, but we've been able to deploy that for a few decades and nobody has done so. So that's will also not work.

I'd love to have end-to-end encrypted mail for everyone, but I have not seen any way of doing that. At least TFA's proposal, which secures and authenticates each network link, will help and is feasible. PGP is not feasible, and I say that as someone who used it for a very long time.

RFC's are submitted by individuals, not companies

[borroff]

While the various researchers who submitted SMTP-STS may be associated with Google, Yahoo!, LinkedIn, etc., the IETF does not recognize corporations or governments. Each individual speaks for themselves. The draft RFC may imply that the companies employing these folks back this protocol, but it just isn't the case that they actually do.

Wrong

[s.petry]

HTTPS != HTTP so your opening is simply wrong. Assuming you intended HTTP in your first sentence, you are using flawed logic. The purpose of HTTP is not the same as SMTP, so trying to compare apples and orangutans is pretty damn foolish right? Why is your scooter not as secure as an M1A2SEP93 tank? Oh noes!!

Re:Wrong

[bondsbw]

Read again. You were talking about an encrypted SMTP protocol, my comparison was HTTPS (i.e. an encrypted HTTP protocol). Since my point flew over your head, let me state it directly:

Encrypted versions of protocols are a good thing. This is evidenced by HTTPS. It's not perfect, but without it the web may never have had a chance to become as useful as it is. It would have been a burden on users. Without a standard, different encryption schemes may all need to be supported, users may need to manage certificates, and considering that headers would not be encrypted, something would have to be done about those.

An encrypted email protocol would lift those burdens. A simplified and ubiquitous system would allow significantly faster growth than a smorgasbord of options.

Is having an encrypted version of an unencrypted protocol the best? No... even better is to never have the unencrypted protocol in the first place.

Re:Wrong

[s.petry]

Are you smoking illegal substances? I never mentioned an encrypted protocol, I mentioned email. Take your crack pipe and troll elsewhere

Re:Wrong

[bondsbw]

An encrypted email protocol is what this entire conversation is about.

Re:Wrong

Are you an idiot, or just unnecessarily obtuse?

At an abstract level, the purpose of HTTP and SMTP are the same: the insecure transport of data, some of which may be confidential or in need of authentication. The only appreciable difference between the two is the manner in which data is transported. The need for security and authentication is no different.

"Yabut, one is used for email and the other is used for web pages. Hurr durr." Yeah, no shit, Sherlock. That's wholly irrelevant to the desire for security and authentication.

Fucking luddites.

Re:How about we create a new standard WITHOUT TABL

How about we don't?

useless specs for nefarious gains

HSTS, etc don't help users. They just entrench corporations and give an incredibly misplaced sense of security.

Tiger stones; I don't see any tigers in Salt Lake City so my tiger stones MUST be working.

Why do they hate America?!?

[Locke2005]

Remember, if the FBI can't easily monitor ALL YOUR COMMUNICATIONS, then THE TERRORISTS WIN!!!

Re:"Transport" != "end-to-end" - "Confidant Mail"

Right now there is "Confidant Mail" but people don't really care
https://www.confidantmail.org/

Wait.....

[JustAnotherOldGuy]

So now I'll have to decrypt my spam in order to read it? I feel safer already!

PGP

[jacob8404]

I still don't understand why don't people just use PGP. It solves the problem pretty well.

Re:"Transport" != "end-to-end" - "Confidant Mail"

Because it doesn't work with SMTP, only really old, no-longer-used protocols.

No one cares because it is useless.

Not wrong, but you have to find the email address

[raymorris]

> You completely and totally miss the point. If I have to track down a web site, or Google+ page, or Facebook page, and manually copy or use a key from there, you might as well toss the whole idea in the bin.

I said that, twice. Twice I said if mail clients don't basically do it automatically, people won't do it manually. So I'm not sure how you can say I miss that point.

What I find interesting about that is that everyone WILL find and Sally's email address, sally.krendircksoen9283@hotmail.com. Yet almost -nobody-, not even the most privacy preaching, Rand Paul voting Slashtotters, will click on the key link right next to the email address.

MITM means that pki encryption depends on signatur

[raymorris]

Encryption with public keys basically requires signatures as a precondition. Without validation, you could be encrypting the message with the bad guy's key.

Re:Not wrong, but you have to find the email addre

[FlyHelicopters]

I said that, twice. Twice I said if mail clients don't basically do it automatically, people won't do it manually. So I'm not sure how you can say I miss that point.

Well, then I must have misread you. I apologize.

What I find interesting about that is that everyone WILL find and Sally's email address, sally.krendircksoen9283@hotmail.com. Yet almost -nobody-, not even the most privacy preaching, Rand Paul voting Slashtotters, will click on the key link right next to the email address.

That is what I said, so clearly I was completely misreading your post.

Sorry about that.

Re:How about we create a new standard WITHOUT TABL

Please. I receive and process hundreds of emails a day in my line of work as a manager, and judicious formatting makes emails vastly more readable. The ability to bold, underline and make bullets to emphasize important details for the benefit of the reader is a huge and really basic fundamental time saver.

It's all the developers i work with though who are always stripping html formatting who really piss me off, and i swear half the time I don't read their emails because the visual monotone is just too hard to slog through. Also it fucks up the email threads because it rips out any useful emphasis from other thread participants.

A few of the developers I *cannot avoid* working with, I have successfully appealed to them to set HTML by default on the grounds of readability. Conversation went like this:

Me: "Dude, do you find it comfortable to read emails that are well formatted for readability?"
Him: "Um, yeah sure."
Me: "Then why don't you afford me the same courtesy? Your emails are hard as hell to read, and you screw up the thread history by rudely removing other peoples formatting."
Him: "Hm, never thought about that. Okay, HTML is good, i'll switch."

Drop mic.

Re:How about we create a new standard WITHOUT TABL

And Javascript? Oh, what could possible go wrong there?

What's The Advantage Over TLS?

We've already got start TLS if the admins want to enable and configure it. What does having yet another type of encryption channel do?

I'll tell you what the problem with the lack of encryption is. It's certificates. They cost way too much which makes a somewhat complicated setup procedure even less desirable.

Let'sEncrypt is a small step in the right direction, but it is not the answer. Their free certificates make it very appealing, but running their funky and highly suspect code on my servers, to dynamically change my certs no less, is a non-starter. Allow me to pull free certs and install them as I see fit and I'll have a valid cert on every singe host. Until then, there's going to be a small few hosts with valid third party certs and a bunch of self-signed.

Re:How about we create a new standard WITHOUT TABL

[The-Ixian]

Markdown would allow for simple formatting like what you describe.

Ps an example UI solution is keys via DNSSEC

[raymorris]

The way I see it, it's much like IP protocol and specifically IP addresses- the protocol, the technology, works well, but IP addresses needed a user-friendly layer on top. Enter DNS. You can google.com and your client software automatically looks up the matching IP and uses it. There's a standard to do the exact same thing with PGP keys.

PGP keys can be served via DNS, so when you email support@clonebox.net it automatically looks up my key and encrypts your email. Just as you, the human user, never see the IP of my mail server, you also never see my PGP key. It just works automatically. Of course that means DNS needs yo be secured. Enter DNSSEC.

Re:Ps an example UI solution is keys via DNSSEC

[FlyHelicopters]

That sounds like a perfectly reasonable solution. But to do it will require that all the major companies do it. It has to be built into Chrome, Edge, Safari, etc.

It also has to be built into Yahoo Mail, GMail, Outlook Mail, etc.

But yes, I support that solution.