The folks at the Electronic Frontier Foundation (EFF) had a vision: to do for email servers what Let’s Encrypt did for web servers. To that end, they launched STARTTLS Everywhere, a new project that provides guidance to server administrators on how to configure email servers to run STARTTLS correctly.
STARTTLS aims to simplify the installation of email encryption by providing an extension of the SMTP email-sending protocol that takes an existing insecure connection and upgrades it to a secure connection using TLS (or SSL) certificates.
In a nutshell, here’s how it works. STARTTLS safeguards email communications by allowing the email servers at both ends of a connection to exchange certificates and set up an encrypted communications channel before sending or receiving emails. Once that process is complete, the sending server transmits the encrypted email, which the receiving server then decrypts.
Kevin Bocek, chief technology strategist at Venafi, explains why this is important: “Without STARTTLS, email that flows between servers can be read in transit and the receiving server can be spoofed. This could allow attackers to snoop on email traffic between servers.”
Why is a program like STARTTLS Everywhere so important? In an earlier blog post, we reported on an email encryption vulnerability called Efail. In a technical paper, researchers showed how they were able to breach two common end-to-end email encryption methods, S/MIME and PGP.
While STARTTLS is a huge step forward for enterprise data protection and privacy, if it is not configured properly its benefits diminish. Often, STARTTLS will be enabled on an email server, but the server will not be configured to validate certificates. In effect, this makes it difficult to ensure the legitimacy of the connection and to be certain that the email cannot be read by third-party observers.
Improper configuration can lead to a false sense of security with potentially hazardous consequences. Bleeping Computer warns that without the proper configuration, “anyone can interpose himself between two email servers and use an invalid certificate to pose as the recipient or sender, as most email servers fail to verify the provided certificate's authenticity. Furthermore, due to a lapse in STARTTLS' design, STARTTLS-encrypted email communication channels can be downgraded to sending the email message in cleartext, instead of an encrypted form.”
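The two configuration failures described above (a server that does not validate the peer certificate, and a STARTTLS offer that is stripped so the session falls back to cleartext) can be checked from the sending side. The following Python is an added example, not code from the article or from EFF's STARTTLS Everywhere software; the EHLO replies and the host name mx.example.test are constructed for illustration.

```python
import smtplib
import ssl

# EHLO replies constructed for this example (not captured from any real server).
EHLO_WITH_STARTTLS = b"250-mx.example.test\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = b"250-mx.example.test\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"


def advertises_starttls(ehlo_reply: bytes) -> bool:
    """True if the multi-line EHLO reply lists the STARTTLS extension.

    If a box on the path removes this line, the client has no TLS to start and
    falls back to cleartext, so its absence is what a downgrade looks like.
    """
    for line in ehlo_reply.decode("ascii", errors="replace").splitlines():
        # Each line is '250-KEYWORD ...' or, for the final line, '250 KEYWORD ...'.
        if line[:3] == "250" and line[4:].split(" ", 1)[0].upper() == "STARTTLS":
            return True
    return False


def validating_context() -> ssl.SSLContext:
    """Context that rejects an untrusted certificate or a host-name mismatch."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permissive_context() -> ssl.SSLContext:
    """The misconfiguration the article describes: encrypt, but accept any certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Does this context actually validate the certificate chain and host name?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def tls_version_after_starttls(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Open an SMTP session, refuse to continue without STARTTLS, validate the
    peer certificate against `host`, and return the negotiated TLS version."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host} did not advertise STARTTLS; refusing cleartext")
        smtp.starttls(context=validating_context())  # raises ssl.SSLError on a bad cert
        smtp.ehlo()  # RFC 3207: EHLO must be re-issued after the TLS handshake
        return smtp.sock.version()
```

Running `tls_version_after_starttls("mx.example.test")` against a real mail server requires network access; the parsing and context checks run offline.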
Ensuring proper configuration to avoid the abuse of email encryption is where STARTTLS Everywhere will add a great deal of value. According to EFF, "STARTTLS Everywhere provides software that a sysadmin can run on an email server to automatically get a valid certificate from Let’s Encrypt." EFF continues, "This software can also configure their email server software so that it uses STARTTLS and presents the valid certificate to other email servers."
Kevin Bocek, chief technology strategist at Venafi, believes this program will have a positive impact on overall machine identity management. “System administrators and security teams will be most interested in the STARTTLS Everywhere program since it removes headaches and misconfigurations that larger security teams have only been able to address as part of their machine identity management programs.”
How secure are the machine identities of your email servers?