Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google, Microsoft, Yahoo Join Forces To Create New Encrypted Email Protocol

Posted by msmash on from the exciting-email dept.

An anonymous reader writes: A group of independent security researchers and major Silicon Valley tech giants have submitted a proposal for a new email protocol called SMTP STS (Strict Transport Security). In theory, this new extension looks like the HSTS (HTTP Strict Transport Security) extension to HTTPS. Much like HSTS, SMTP STS brings message confidentiality and server authenticity to the process of starting an encrypted email communications channel. HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks. to avoid SSL/TLS downgrades and MitM attacks. The biggest names on the contributors list include Microsoft, Google, Yahoo, LinkedIn, and Comcast. Last year, Oracle also submitted a similar proposal called DEEP (Deployable Enhanced Email Privacy).

35 of 123 comments (clear)

  1. Storage by Anonymous Coward · · Score: 2, Insightful

    If the messages are not stored encrypted, what's the point? Private email sitting on Google/Yahoo servers is a much larger attack surface than email in transit.

    1. Re:Storage by Junta · · Score: 5, Insightful

      The storage of content and transmission of content are separate concerns. A standard protocol to cover transmission of messages should not be concerned with the storage of it.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    2. Re:Storage by MobileTatsu-NJG · · Score: 4, Insightful

      Yeah, I was going to say: If Google actually did do their job correctly they wouldn't be able to monetize GMail.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    3. Re:Storage by The-Ixian · · Score: 2

      Exactly.

      Also, more to the point, I think this is more about *authentication* than it is about encryption.

      But since strong encryption requires authentication for proper implementation, you get 2 birds for the price of one.

      --
      My eyes reflect the stars and a smile lights up my face.
    4. Re: Storage by Z00L00K · · Score: 4, Insightful

      Encryption of messages is not prevented by this technology, it's two completely different uses.
        - SMTP STS is used for validating the server channel to prevent spoofed servers. It doesn't care about the message content.
        - Encrypted messages already exists and encrypts the message body, but that will require that both sender and receiver have exchanged some information. However these messages don't care about the channel used.

      For best result you need both.

      But I also see problems here:
        - the SMTP STS requires certificates provided by a Certificate Authority (CA), and lately it has been revealed that not every CA is especially good at handling this.
        - It will also require a good implementation of revocation of certificates.
        - The management of the certificates may be costly, both the certificate and the management of it.

      Overall it will drive cost, and that may be what kills this idea.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    5. Re: Storage by Junta · · Score: 3, Insightful

      The transport doesn't support *any* concept of storage. It doesn't have to, that's why it's called transport.

      Now you could say you should be using S/MIME or similar as it's more comprehensive end-to-end and secure transport is inadequate, but this is strictly a transport standard.

      It's also a standard that can do something to mitigate risk to those who do not avail themselves of S/MIME.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    6. Re:Storage by GuB-42 · · Score: 2

      Not really, Google servers are very secure. Unless you are a major government, there is probably nothing you can do there.
      In transit, there are many vulnerable intermediates : WiFi and Ethernet can be sniffed, routers and DNS can be hijacked, ISPs can be compromised, etc...

    7. Re: Storage by scdeimos · · Score: 2

      You also missed that failure reports get sent to email address(es) listed in the rua=... parameter of the STS1 TXT record. Want to guess at what percentage of those email addresses will be handled by the target mail server as opposed to servers on alternate domains?

    8. Re: Storage by Rashkae · · Score: 3, Insightful

      That's the thing.. it's a solved problem,, has been a solved problem for over a decade. If only the big cloud players (MS, Google, Yahoo) got off their behiends and implemented encrypted e-mail that's relatively easy for people to use, that would be a *great* step in the problems being addressed here. Instead, they have to start re-inventing the whole transport protocol, while leaving the goldmine of data storage in the same sad 1980's shape.

  2. This is important... by __aaclcg7560 · · Score: 3, Interesting

    Yahoo Mail needs to have encrypted email. I haven't changed my password in 20+ years and probably won't for the next 20+ years..

    1. Re:This is important... by peragrin · · Score: 2

      I haven't changed my gmail password in 10 years. I have turned on two factor authentication.

      --
      i thought once I was found, but it was only a dream.
  3. "Transport" != "end-to-end" by QuietLagoon · · Score: 4, Informative

    The emails are still in plain text inside the email servers en route, unless the email sender and recipient use end-to-end encryption.

    1. Re:"Transport" != "end-to-end" by Anonymous Coward · · Score: 3, Funny

      Do you even PGP bro?

    2. Re:"Transport" != "end-to-end" by fph+il+quozientatore · · Score: 4, Informative

      The emails are still in plain text inside the email servers en route, unless the email sender and recipient use end-to-end encryption.

      This. We need one-click client-side e-mail encryption, usable by everyone. Like PGP but without the key management complications and the scary mojibake added to the e-mail body.

      --
      My first program:

      Hell Segmentation fault

    3. Re:"Transport" != "end-to-end" by Z00L00K · · Score: 2

      Like in Thunderbird: "Encrypt this message" when you compose it.

      You need to have a mail certificate, but that's no big deal except that you will have to pay for it.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:"Transport" != "end-to-end" by nine-times · · Score: 2

      You're right, but the problem is that the "key management complications" are very hard to get rid of.

      The problem with end-to-end encryption is that normal people can't be trusted to manage encryption keys. But then there are only two options: either you manage the keys, or someone else manages them for you. If someone else manages them for you, then whoever is managing the key also has access to your email. If your email provider is managing your keys for you, then your end-to-end encryption scheme is not meaningfully different then those messages being unencrypted on the server-- either way, you're entrusting your mail provider to secure the messages.

      Personally, I think we need a new breed of identity management providers, SSO solutions, etc. Overall the way we handle encryption certificates and passwords is absurdly primitive.

    5. Re:"Transport" != "end-to-end" by swb · · Score: 2

      If you don't have key management complications you have certificate trust complications.

      You could do public key directories (is there still a PGP directory?), but then you have trust questions about keys retrieved from a directory, which leads you back to key management issues.

  4. Finally by Xabraxas · · Score: 3, Interesting

    Email is the backbone of most businesses and it is a horrible insecure mess. Maybe people will finally be able to email secure information easily. Email is easily one of the biggest compliance issues because of how insecure it is.

    --
    Time makes more converts than reason
    1. Re:Finally by FlyHelicopters · · Score: 2

      How do you send email to random people encrypted?

      Your solutions work for internal email, but not external. The idea is to make all email secure.

    2. Re:Finally by unrtst · · Score: 2

      Maybe people will finally be able to email secure information easily.

      Which has nothing to do with SMTP STS.
      SMTP STS does not provide message integrity, privacy from any SMTP servers along the path, data security, nor authentication.
      That said, SMTP STS seems like it's a good addition to the existing transport security.

      The post title is, IMO, misleading. This isn't really a new email protocol, it's an extension to the existing protocol. Your email is not encrypted; your traffic is encrypted, and potentially only for part of its transit. While it is attempting to provide some level of assurance that the traffic is always encrypted between systems, it can not enforce that within ones network (ex. mail hits company external SMTP gateway, STS is done there, gateway passes it in plain text to local antivirus system, which passes it to local spam filter, which passes it to internal mail gateway, which routes to internal mail storage for the destination user, then the user gets it via a secure or insecure channel).
      It does ensure that between you and your providers SMTP server there is encryption (which you could already ensure), and that between your provider and the destination server, as defined by the destination MX record, there is encryption. That's a nice bonus, but it doesn't completely solve the "horrible insecure mess".

    3. Re:Finally by Lumpy · · Score: 2

      You seem to not understand encryption.

      Freely publish a public key. Step 2; there is no step 2 as anyone can now send me encrypted mail that I can decrypt using my private key.

      --
      Do not look at laser with remaining good eye.
  5. Correction by Anonymous Coward · · Score: 2, Informative

    I like that mods actually took their time to edit a description for once, but there's a mistake.

    "The new protocol also works with HTTPS" should be "works like HSTS".

    The original text from the recent submissions page was technically accurate.

    But yeah, since Microsoft, Yahoo and Google joined forces, this almost guarantees the standard will be approved. Once you get the three major email providers to agree on something, it's almost as done.

  6. Don't blame email! by s.petry · · Score: 4, Insightful

    I get really tired of this, because it's completely backward and wrong. Email is fine, and it does exactly what it was intended to do. Route messages from source to destination. People like you want email to be something different, but always arbitrary because there is no solution which works to encrypt out of the box which can not be tampered with. You want secure, that's fine but don't make an insecure protocol for mail routing the answer.

    Use email for email. Attach encrypted files using what ever format you want, and you have control of the encryption. Stop demanding that generic "email" does it all for you, because if you trust any of the companies listed in TFA to give you bullet proof security, you are a tool.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Don't blame email! by Dutch+Gun · · Score: 4, Interesting

      The current e-mail protocols were designed at a time when everybody on the internet was expected to play nice. It could use an upgrade for today's significantly more hostile environment. There's really no reason we shouldn't have an upgraded protocol with more security and better authentication built in.

      Nothing against the brilliant minds that created some of these early protocols, but they simply couldn't foresee some of the modern security and privacy issues the current internet has to deal with. We've also learned a thing or two about encryption and secure protocols in the last few decades, and upgraded protocols accordingly, right? I think it's a good time to try to introduce an upgraded e-mail standard. Whether it takes hold or not is a question, but with some of the big names apparently behind it, I don't see why not.

      BTW, if you're going to reject out of hand a proposal for a new standard because of the names of the companies involved, then you're not thinking things through clearly. This would be an open standard, meaning it's possible for security specialists to vet and declare the protocol safe and secure, just like we do with TLS and other modern protocols. It seems like it would be rather tricky to hide secret backdoors in an open standard.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    2. Re:Don't blame email! by bondsbw · · Score: 2

      Same thing would apply for HTTPS, wouldn't it?

      "HTTP is fine, and it does exactly what it was intended to do. People like you want web servers to be something different, but always arbitrary because there is no solution which works to encrypt out of the box which can not be tampered with. You want secure, that's fine but don't make an insecure protocol for web serving the answer. Stop demanding that generic "web browsing" does it all for you, because if you trust any of the companies listed in TFA to give you bullet proof security, you are a tool."

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re:Don't blame email! by Dutch+Gun · · Score: 3

      By your argument, we shouldn't be using our current e-mail protocols for anything requiring security of any sort, and I absolutely agree, but that's not the reality of the world we live in. Everyone has need of a secure messaging protocol on occasion, not just commercial institutions. What happens when you reset your password to nearly any web site that requires a secure login? Yep, you get sent a reset code or link by e-mail, right in the clear, which is used to authenticate that you're the owner of that account. What open, universal, secure messaging alternative do we have for this sort of thing? There's clearly a need for it.

      If we now understand how to do a better job of securing e-mail and why doing so is a good thing, is there a reason not to? I'm afraid I just don't really understand your apparent opposition to a more secure e-mail protocol. Did you fervently oppose HTTPS as well, accusing people of "blaming HTTP" for trying to do things with it that it was never designed to do? This seems rather analogous to me.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    4. Re:Don't blame email! by Dutch+Gun · · Score: 4, Insightful

      You don't like SMTP don't use it! Go make your own protocol

      /facepalm. That's what we're discussing here.

      --
      Irony: Agile development has too much intertia to be abandoned now.
  7. Editorial mistake... by Junta · · Score: 2

    The new protocol also works with HTTPS to avoid SSL/TLS downgrades and MitM attacks.

    The article says:

    HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks.

    HSTS != SMTP STS, though they are similar.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  8. Re:Solved problem? by Junta · · Score: 3, Insightful

    It could be considered a protocol to negotiate use of TLS more securely.

    S/MIME and OpenPGP would be more thorough solution to the problem.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  9. Re:It's about time by Junta · · Score: 3, Insightful

    GPG and/or S/MIME would address your concern, but this proposal would not.

    This is basically using TLS more properly in SMTP, which in and of itself is good, but far from adequate.

    Here is the tricky thing about TLS: it works well in theory for user-service interactions (e.g. I care I'm talking to 'onlinebanking.bigbank.com'), but not as well for messaging (I'm not conversing with a server, whose identity is hidden away in the headers, I'm conversing with whatever is in the 'From/To/CC/BCC' fields, and those are the folks I care about authenticating)

    --
    XML is like violence. If it doesn't solve the problem, use more.
  10. Re:How about we create a new standard WITHOUT TABL by The-Ixian · · Score: 3, Insightful

    I feel bad for you.

    e-mail marketing is barely 1 step above straight spam.

    If I had it my way, e-mail would be text only or implement some form of markdown

    If you want to have fancy formatting, throw up a web page and go nuts, then send a non-shortened link by e-mail if you absolutely must.

    --
    My eyes reflect the stars and a smile lights up my face.
  11. PGP, since 1991. key servers. If people cared by raymorris · · Score: 4, Informative

    > How do you send email to random people encrypted?
    > Your solutions work for internal email, but not external.

    This problem was solved in 1991, in terms of the technical implementation and protocol. The "problem" is that few people care about receiving encrypted email, so they don't publish a key to use for sending them email. Maybe if email clients made it super-easy more people would do it.

    Here's a brief description of how PGP/GPG works. Wherever I publish my email address, I also publish my public key, which I generated. To send me an email, you can either use my address and my public key, or you can let your email client retrieve the key for you, from a key server. Since the email is encrypted with my public key, it can only be decrypted by my private key.

    Personally, I publish my public key on the "Contact Us" page of my web site and on the public key servers.

    The protocol works fine. The problems are that email clients don't make it super-easy for you to generate and publish a key, or to send PGP email using the recipient's key. That's a UI problem, not a protocol problem.

    1. Re:PGP, since 1991. key servers. If people cared by FlyHelicopters · · Score: 2, Insightful

      This problem was solved in 1991, in terms of the technical implementation and protocol.

      You are confusing the technical solution with the practical end-user solution.

      The "problem" is that few people care about receiving encrypted email, so they don't publish a key to use for sending them email. Maybe if email clients made it super-easy more people would do it.

      That will never, EVER happen. If people have to "publish" a key manually, then you can just forget it.

      Personally, I publish my public key on the "Contact Us" page of my web site and on the public key servers.

      See above. You completely and totally miss the point. If I have to track down a web site, or Google+ page, or Facebook page, and manually copy or use a key from there, you might as well toss the whole idea in the bin.

      If it isn't automatic, then it doesn't exist for 95%+ of computer users.

    2. Re:PGP, since 1991. key servers. If people cared by kqs · · Score: 2

      What I'm saying is "PGP is not useful for the masses because PGP's key management is useless".

      If you look on the public keyservers and you see three keys for an address, you have no way of knowing which (if any) belong to the person without lots of research and guessing. People forget their passwords for online accounts all the time; if all email were encrypted, then forgetting the password for your key means you lose all past email forever and don't have a good path to say "stop using that old key, use this new key, and you can trust this statement".

      CAs suck slightly less than web-of-trust, so in theory x509 mail signing would be more usable, but we've been able to deploy that for a few decades and nobody has done so. So that's will also not work.

      I'd love to have end-to-end encrypted mail for everyone, but I have not seen any way of doing that. At least TFA's proposal, which secures and authenticates each network link, will help and is feasible. PGP is not feasible, and I say that as someone who used it for a very long time.

  12. Wait..... by JustAnotherOldGuy · · Score: 2

    So now I'll have to decrypt my spam in order to read it? I feel safer already!

    --
    Just cruising through this digital world at 33 1/3 rpm...