Encryption Issues

From Roaring Penguin
Revision as of 15:23, 24 June 2014 by MCoyne (talk | contribs)


Encryption can mean many things, so there isn't a simple answer.

The appliance has a Setup : HTTPS page where you can install your certificates to secure the web interface.

The appliance uses stock Sendmail, which you can configure to support TLS and install your certs. TLS is no guarantee of end-to-end encryption, though. Sendmail uses opportunistic TLS (encrypt when the peer offers it, otherwise send in the clear), so there's no guarantee a given email is transmitted securely. Even if you force TLS, there's no guarantee that the mail server you received the mail from, or the one you handed it to, will keep it encrypted on the other hops.
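As an added illustration (not configuration from the page or from Roaring Penguin), the stock Sendmail settings that turn the default opportunistic behaviour into a forced-TLS policy for one peer domain. The certificate paths and the domain `partner.example` are assumed placeholders; adjust them for your appliance.

```text
dnl ==== /etc/mail/sendmail.mc (excerpt; assumed paths) ====
dnl Enable STARTTLS with this host's certificate and key.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/server.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/server.key')dnl
dnl Per-host TLS policy is looked up in the access map.
FEATURE(`access_db')dnl

# ==== /etc/mail/access (excerpt) ====
# Weak (default) setting: no TLS_* entries at all, so TLS is
# opportunistic. Mail to or from any host is encrypted only if
# STARTTLS happens to be offered; otherwise it travels in the clear.

# Hardened setting for one peer (partner.example is a placeholder).
# Outbound: when this host acts as SMTP client to partner.example,
# do not deliver unless the session is encrypted with a >=128-bit cipher.
TLS_Srv:partner.example        ENCR:128
# Inbound: when hosts in partner.example connect to us, reject mail
# unless they negotiated STARTTLS with a >=128-bit cipher.
TLS_Clt:partner.example        ENCR:128
```

Rebuild with `m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf` and `makemap hash /etc/mail/access < /etc/mail/access`, then restart Sendmail. Two caveats a practitioner should keep in mind: `ENCR:` only requires encryption, so an active interceptor presenting any certificate still satisfies it; `VERIFY:128` additionally requires the peer certificate to verify against `confCACERT`. And `TLS_Clt:` matches the connecting host's name and address, not the envelope sender's domain, so "force TLS from the sender's domain" means listing that domain's actual relay hosts. Either way this protects only the hop to your relay, which is exactly the limitation the paragraph above describes.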

Secure messaging (supported in CanIt 9.1.1 and above)

The standard practice for encrypted mail (outbound) is to send the message to a server which keeps a copy and sends the recipient a token instead. The recipient then retrieves the mail via a web interface over HTTPS with authentication.

Even then, many of these services aren't great because they require the recipient to authenticate and it is challenging to find a means for this when emailing an unknown recipient.

For example, if I send an encrypted message to you, you would get an email saying something like "please click this link to retrieve your encrypted message". When you click the link you get a page that requires you to authenticate, but since I've never exchanged encrypted email with you before, my server doesn't have a password for you, so unless I know something else about you (a phone number or some pre-shared secret) to confirm who you really are, my only choice is to ask you to create a new password. If someone intercepted your (insecurely delivered) "please click to retrieve" email, what's to stop them from making a password and retrieving your encrypted email?

For inbound email, of course, there's no way to guarantee security. Either the sender needs to use a service like the one above, or the best you can do is force email from the sender's domain to use TLS, but that doesn't guarantee the email was encrypted before it reached the relay which passes the message to your server.