
Opportunistic TLS (Transport Layer Security) refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. Several protocols use a command named "STARTTLS" for this purpose. It is a form of opportunistic encryption and is primarily intended as a countermeasure to passive monitoring.

The STARTTLS command for IMAP and POP3 is defined in , for SMTP in , for XMPP in and for NNTP in . For IRC, the IRCv3 Working Group has defined the STARTTLS extension. FTP uses the command "AUTH TLS" defined in and LDAP defines a protocol extension OID in . HTTP uses an upgrade header.


Layering

TLS is application-neutral; in the words of :

    One advantage of TLS is that it is application protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementors of protocols that run on top of TLS.

The style used to specify how to use TLS matches the same layer distinction that is also conveniently supported by several library implementations of TLS. E.g., the SMTP extension illustrates with the following dialog how a client and server can start a secure session:

    S: <waits for connection on TCP port 25>
    C: <opens connection>
    S: 220 mail.example.org ESMTP service ready
    C: EHLO client.example.org
    S: 250-mail.example.org offers a warm hug of welcome
    S: 250 STARTTLS
    C: STARTTLS
    S: 220 Go ahead
    C: <starts TLS negotiation>
    C & S: <negotiate a TLS session>
    C & S: <check result of negotiation>
    C: EHLO client.example.org
    . . .

The last EHLO command above is issued over a secure channel. Note that authentication is optional in SMTP, and the omitted server reply may now safely advertise an AUTH PLAIN SMTP extension, which is not present in the plain-text reply.
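The client side of the dialog above, as an added example that is not part of the original page: it replays the exchange against scripted replies and shows that the capability list is re-read after the TLS negotiation, so AUTH PLAIN is only ever considered on the protected channel. ScriptedServer, its canned replies and open_session() are constructed for this illustration, and the TLS negotiation itself is simulated.

```python
class ScriptedServer:
    """Constructed stand-in for the server side of the dialog (not a real MTA)."""
    PLAIN = "250-mail.example.org offers a warm hug of welcome\r\n250 STARTTLS\r\n"
    SECURE = "250-mail.example.org\r\n250 AUTH PLAIN\r\n"

    def __init__(self):
        self.tls = False

    def command(self, line):
        if line.startswith("EHLO"):
            return self.SECURE if self.tls else self.PLAIN
        if line == "STARTTLS":
            return "220 Go ahead\r\n"
        return "502 not implemented\r\n"

    def negotiate_tls(self):
        # Simulated: a real client wraps the socket with a TLS library here
        # and checks the result of the negotiation before continuing.
        self.tls = True


def extensions(reply):
    """Return the extension lines of a multi-line 250 EHLO reply."""
    lines = [ln[4:].strip().upper() for ln in reply.splitlines() if ln[:3] == "250"]
    return set(lines[1:])  # the first 250 line is the greeting, not an extension


def open_session(server, helo_name="client.example.org"):
    """Run EHLO / STARTTLS / EHLO and report what the client may rely on."""
    caps = extensions(server.command(f"EHLO {helo_name}"))
    if "STARTTLS" not in caps:
        return {"tls": False, "caps": caps, "may_auth": False}
    if not server.command("STARTTLS").startswith("220"):
        return {"tls": False, "caps": caps, "may_auth": False}
    server.negotiate_tls()
    # Capabilities learned in plain text are discarded and re-read over the
    # protected channel, which is what the second EHLO in the dialog does.
    caps = extensions(server.command(f"EHLO {helo_name}"))
    return {"tls": True, "caps": caps, "may_auth": "AUTH PLAIN" in caps}
```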


SSL ports

Besides the use of opportunistic TLS, a number of TCP ports were defined for SSL-secured versions of well-known protocols. These establish secure communications and then present a communication stream identical to the old unencrypted protocol. Separate SSL ports have the advantage of fewer round-trips; also, less metadata is transmitted in unencrypted form. Some examples include:

At least for the email related protocols, favors separate SSL ports instead of STARTTLS.


Weaknesses and mitigations

Opportunistic TLS is an opportunistic encryption mechanism. Because the initial handshake takes place in plain text, an attacker in control of the network can modify the server messages via a man-in-the-middle attack to make it appear that TLS is unavailable (called a STRIPTLS attack). Most SMTP clients will then send the email and possibly passwords in plain text, often with no notification to the user. In particular, many SMTP connections occur between mail servers, where user notification is not practical.

In September 2014, two ISPs in Thailand were found to be doing this to their own customers. In October 2014, Cricket Wireless, a subsidiary of AT&T, was revealed to be doing this to their customers. This behavior started as early as September 2013 by Aio Wireless, who later merged with Cricket where the practice continued.

STRIPTLS attacks can be blocked by configuring SMTP clients to require TLS for outgoing connections (for example, the Exim message transfer agent can require TLS via the directive "hosts_require_tls"). However, since not every mail server supports TLS, it is not practical to simply require TLS for all connections.

An example of a STRIPTLS attack of the type used in Thai mass surveillance technology:

    220 smtp.gmail.com ESMTP mail.redacted.com - gsmtp
    ehlo a
    250-smtp.gmail.com at your service, [REDACTED SERVICE]
    250-SIZE 35882577
    250-8BITMIME
    # The STARTTLS command is stripped here
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250 SMTPUTF8

    220 smtp.gmail.com ESMTP - gsmtp
    ehlo a
    250-smtp.gmail.com at your service
    250-SIZE 35882577
    250-8BITMIME
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250 SMTPUTF8

This problem is addressed by DNS-based Authentication of Named Entities (DANE), a part of DNSSEC, and in particular by for SMTP. DANE allows support for secure SMTP to be advertised via a TLSA record. This tells connecting clients they should require TLS, thus preventing STRIPTLS attacks. The STARTTLS Everywhere project from the Electronic Frontier Foundation works in a similar way.

However, DNSSEC, due to deployment complexities and peculiar criticism, faced a low adoption rate, and a new protocol called SMTP MTA Strict Transport Security (MTA-STS) has been drafted by a group of major email service providers including Microsoft, Google and Yahoo. MTA-STS does not require the use of DNSSEC to authenticate DANE TLSA records but relies on the certificate authority (CA) system and a trust-on-first-use (TOFU) approach to avoid interceptions. The TOFU model reduces complexity but without the guarantees on first use offered by DNSSEC. In addition, MTA-STS introduces a mechanism for failure reporting and a report-only mode, enabling progressive roll-out and auditing for compliance.
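How a sending client can refuse the downgrade shown above, as an added example that is not part of the original page: the delivery decision depends on whether the destination is covered by a require-TLS policy, with a report-only mode that still delivers but records the failure. The sample replies are constructed from the two EHLO responses above; next_step(), the reports list and its label string are names assumed for this illustration, and the mode names "enforce", "testing" and "none" are those used in MTA-STS policies.

```python
# Constructed sample input: the stripped reply and the unmodified reply.
STRIPPED = """250-smtp.gmail.com at your service
250-SIZE 35882577
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 SMTPUTF8"""

INTACT = STRIPPED.replace("250-8BITMIME", "250-8BITMIME\n250-STARTTLS")


def offers_starttls(ehlo_reply):
    """True if any 250 line of the EHLO reply advertises STARTTLS."""
    return any(line[:3] == "250" and line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())


def next_step(ehlo_reply, mode, starttls_reply="220 Go ahead", reports=None):
    """Return 'starttls', 'plaintext' or 'defer' for one delivery attempt.

    mode: 'enforce' (TLS is required for this destination), 'testing'
    (report-only) or 'none' (purely opportunistic).
    starttls_reply: the server's answer to the STARTTLS command; stripping
    can also happen here, by answering with something other than 220.
    """
    reports = reports if reports is not None else []
    usable = offers_starttls(ehlo_reply) and starttls_reply.startswith("220")
    if usable:
        return "starttls"
    if mode != "none":
        # Record the failure so the destination's operator can be told.
        reports.append("starttls-not-supported")
    # Enforce: keep the message queued instead of sending it in the clear.
    return "defer" if mode == "enforce" else "plaintext"
```

With mode "none" the stripped reply silently yields "plaintext", which is the behaviour the STRIPTLS attack relies on; "enforce" turns the same input into a deferred delivery.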


Popularity

Following the revelations made by Edward Snowden in light of the global mass surveillance scandal, popular email providers have improved their email security by enabling STARTTLS. Facebook reported that after enabling STARTTLS and encouraging other providers to do the same, until Facebook discontinued its email service in February 2014, 95% of outbound email was encrypted with both Perfect Forward Secrecy and strict certificate validation.


External links


Secure Email Tests and Tools
verify STARTTLS in real-time dialog like example above
Verify if a receiving domain has STARTTLS enabled for email and with which security level
A mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections.