Slashdot Mirror


Gmail Becomes First Major Email Provider To Support MTA-STS, TLS Reporting (zdnet.com)

Google announced today that Gmail has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting. Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. ZDNet reports: The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of thwarting SMTP man-in-the-middle attacks. The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails. For example, SMTP MTA Strict Transport Security (MTA-STS) works by allowing email server admins to set up an MTA-STS policy on their server. This policy allows a legitimate provider to request that external email servers verify the security of SMTP connections before sending any emails. Minimum requirements, such as forcing external email servers to authenticate with a valid public certificate encrypted with TLS 1.2 or higher, can be enforced, depending on preferences, ensuring that emails sent to a company's server travel through an obligatory and properly encrypted channel -- or they don't arrive at all.

In addition, the TLS Reporting SMTP extension sets up a reporting mechanism through which a legitimate email server can request daily reports from other email servers about the success or failure of emails that have been sent to the legitimate server's domain. Both, when combined, will either prevent or help email server admins identify SMTP man-in-the-middle attacks against their email traffic.
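
As an added illustration (not code from the article, Google, or Slashdot), the sender-side check the summary describes can be written from RFC 8461: parse the recipient domain's policy, then decide whether a given MX host may receive the message. The policy text, host names and function names are constructed for this example, and fetching the policy over HTTPS and performing the TLS handshake are assumed to happen elsewhere.

```python
# Added example: sender-side evaluation of an MTA-STS policy (RFC 8461).
MAX_AGE_LIMIT = 31557600  # largest max_age the RFC allows, in seconds

# Constructed sample of what https://mta-sts.example.com/.well-known/mta-sts.txt
# could return; example.com and its MX names are placeholders.
SAMPLE_POLICY = ("version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\n"
                 "mx: *.mx.example.com\r\nmax_age: 604800\r\n")

def parse_policy(text):
    """Parse policy text into a dict; raise ValueError if it is unusable."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy.setdefault(key, value)  # first occurrence wins
    if policy.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("missing or invalid mode")
    age = policy.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        raise ValueError("missing or invalid max_age")
    policy["max_age"] = int(age)
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx hosts")
    return policy

def mx_allowed(host, patterns):
    """True if host matches a policy mx entry; '*.' covers exactly one label."""
    host = host.lower().rstrip(".")
    label, _, parent = host.partition(".")
    return any(host == p or (p.startswith("*.") and label and parent == p[2:])
               for p in patterns)

def delivery_decision(policy, mx_host, tls_ok):
    """tls_ok: STARTTLS succeeded and the certificate validated for mx_host."""
    if policy["mode"] == "none" or (tls_ok and mx_allowed(mx_host, policy["mx"])):
        return "deliver"
    # enforce: do not send; testing: send anyway, record a TLS-RPT failure
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

In `testing` mode a failed check does not block delivery; it only produces an entry for the TLS Reporting feed, which is how a domain can watch for failures before switching to `enforce`.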


  1. You're not even trying. by TigerPlish · Score: 4, Insightful

    Two front-page dupes in the same day.

    Aren't your Arabian overlords paying you enough to get decent sleep and / or caffeine?

    I know dupes are a time-honored /. tradition, but for fuck's sake, people... y'know, never mind. Par for the course for the 21st century. No one gives a fuck about quality anymore.

    --
    The "Civilized World" jumped the shark ca. 1973.
    1. Re:You're not even trying. by geek · Score: 2, Insightful

      That's because BeauHD is fucking retarded.

  2. premise is wrong by iggymanz · Score: 3, Insightful

    man in the middle absolutely not the big problem in "today's email landscape". Company email servers not getting invalid MX lookups to other business. Spam, malware and phishing emails are the problem. Let's eliminate that first before worrying about this chickenshit little problem