Microsoft, Google, Others Push For Encrypted Email Protocols - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
News
3/23/2016
12:06 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft, Google, Others Push For Encrypted Email Protocols

Tech giants including Google, Microsoft, and Yahoo have banded together to proposed a method for making email more secure.

iPhone SE, Smaller iPad Pro Unveiled: Up Close Look
iPhone SE, Smaller iPad Pro Unveiled: Up Close Look
(Click image for larger view and slideshow.)

While the US government's legal campaign to force Apple to undermine the encryption on the iPhone used by San Bernardino shooter Syed Farook awaits the FBI's exploration of a possible security bypass, technology companies are continuing their efforts to strengthen encryption across other communications channels.

Since Edward Snowden's 2013 revelations about the expansive digital surveillance capabilities of US intelligence agencies, technology companies have been scrambling to make data at rest and in transit more secure.

Apple's adoption of default device encryption in iOS 8 represented a major shift in the security landscape, but other companies have been active too. Google, for example, made HTTPS connections mandatory for Gmail in 2014. That same year, Microsoft enabled Transport Layer Security encryption (TLS) for Hotmail.com, Live.com, MSN.com, and Outlook.com, and enabled Perfect Forward Secrecy (PFS) for OneDrive. Also in 2014, Facebook urged companies to adopt STARTTLS encryption for email.

(Image: Pixabay)

(Image: Pixabay)

In 2015, Google let its cloud customers provide their own encryption keys. Also last year Microsoft introduced a feature called Always Encrypted in SQL Server 2016 and enhanced Office 365 Message Encryption.

This long-running lockdown advanced further on Friday when a group of software engineers from Comcast, Google, LinkedIn, Microsoft, Yahoo, and 1&1 Mail & Media Development submitted a draft proposal to the Internet Engineering Task Force that describes SMTP Strict Transport Security (SMTP STS), a method for making email more secure.

SMTP, or Simple Mail Transport Protocol, was not designed for security. Related protocols like TLS (the successor to SSL) provide some protection by encrypting email messages between the client application and the server. STARTTLS provides a mechanism to upgrade unprotected connections to TLS.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

But there are still ways to compromise online security -- specifically by means of attacks that can downgrade or intercept SMTP sessions despite the presence of TLS and STARTTLS security.

SMTP STS aims to close the gaps that allow TLS email encryption to be degraded. "SMTP Strict Transport Security protects against an active attacker who wishes to intercept or tamper with mail between hosts who support STARTTLS," the proposal explains.

The proposal outlines the mechanism for domains receiving messages to publish policies that describe TLS support, how TSL certificates and published policies can be authenticated, how failures can be reported, and how mail servers should respond to failures.

If adopted, SMTP STS should make online communication more secure. However, it's unclear how long the process to approve the protocol will take. But with such tech heavyweights backing it, it is should move forward, particularly if the companies involved start implementing it within their own offerings.

Email is already moving in that direction, albeit slowly. According to Google, about 83% of outgoing Gmail messages are encrypted, up from around 79% a year ago. Among incoming Gmail messages, 69% are now encrypted, up from about 55% a year ago.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll