Tuesday, 22 March 2016
0 comments

World's Largest Companies Including Microsoft And Google Join To Work On Encrypted Email

World's Largest Companies Including Microsoft And Google Join To Work On Encrypted Email

World's Largest Companies Join Forces To Work On Encrypted Email


The underlying transport technology, SMTP which is used to send the email is still surprisingly ancient, even though it has been for decades. Most of the emails are sent in plain text and they are unencrypted too, but still we rely on it for our private conversations also, that's why the SMTP STARTTLS was invented to fix it. 


But it didn't gain much success and was failed to be widely adopted. It contains so many flaws also and was fail to ensure that the emails are actually encrypted.

With SMTP STARTTLS it is very easy to man-in-the-middle an email before it’s sent and tell the sender that there’s no SSL enabled so the client will send it unencrypted without warning.

A new proposal was submitted to Internet Engineering Task Force, which was worked on by engineers from Microsoft, Yahoo, Google, Comcast, LinkedIn, 1&1 Mail & Media Development.

The main idea was to protect against an attacker who wants to intercept or modify email in transit by either impersonating the destination server or breaking SSL through various existing attacks.

The another idea was, the supported SMTP STS email when sent to a domain then the it is automatically check by the sender that whether it supports encryption or not. Before sending the email if the certificate is valid then it ensures that it's a right server.

In invalid case, the email will not deliver and tell the user a valid reason. A wealth of technical details is included in the proposal based on how this should work in practice.

If the proposal succeeds then it will ensure the proper email communication with authentication, which has long existed on the Web, but not your inbox.

According to Google, the TLS encryption is supported by more than 70 percent of Gmail’s inbound messages received over SSL. But without the user knowing, so many issues can mean email falls back to plain-text.

You can read more here

0 comments:

Post a Comment

 
Toggle Footer
Top