STARTTLS
STARTTLS is an extension to plain text communication protocols which offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection on the same port, instead of using a separate port for encrypted communication. STARTTLS is primarily intended as a countermeasure to passive monitoring; because the upgrade is negotiated in the clear, it does not by itself defeat an active attacker who can alter that negotiation (see Weaknesses and mitigations below).
STARTTLS for IMAP and POP3 is defined in RFC 2595, for SMTP in RFC 3207, for XMPP in RFC 6120, for LDAP in RFC 2830, for NNTP in RFC 4642, and for FTP in RFC 4217. For IRC, the de facto definition is documented at the InspIRCd wiki.
Layering
TLS is application-neutral; in the words of RFC 5246
- One advantage of TLS is that it is application protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementors of protocols that run on top of TLS.[1]
The way a protocol specification describes its use of TLS follows the same layering, which is also the model offered by several TLS library implementations: the application opens an ordinary connection and later wraps the same socket in TLS. For example, RFC 3207, the SMTP extension, illustrates how a client and server start a secure session with the following dialog:[2]
```text
S: <waits for connection on TCP port 25>
C: <opens connection>
S: 220 mail.example.org ESMTP service ready
C: EHLO client.example.org
S: 250-mail.example.org offers a warm hug of welcome
S: 250 STARTTLS
C: STARTTLS
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>
C: EHLO client.example.org[3]
. . .
```
The last EHLO command above is issued over the secure channel. RFC 3207 requires both sides to reset their protocol state after the handshake and discard anything learnt in the clear, including the first EHLO reply, which is why the client repeats EHLO. Note that authentication is optional in SMTP; the omitted reply to the second EHLO may now safely advertise an AUTH PLAIN SMTP extension, which was not present in the plain-text reply because PLAIN would expose the credentials to anyone watching the wire.
SSL ports
Before STARTTLS was well established, a number of TCP ports were assigned to SSL-wrapped versions of well-known protocols, often called "implicit TLS": the TLS handshake happens immediately on connect, and the stream that follows is byte-for-byte the old unencrypted protocol. RFC 2595 discouraged these separate ports in favour of STARTTLS, on the grounds that one port per protocol makes more efficient use of scarce port numbers and allows simpler device configuration.[citation needed] Implicit-TLS ports do have advantages: fewer round-trips, and less metadata (server banner, EHLO name, capability list) is transmitted unencrypted.[4] RFC 8314 (2018) later reversed the earlier recommendation for mail submission and access, preferring implicit TLS on ports 465, 993 and 995 over STARTTLS. Some examples include:
Protocol | Purpose | Normal port | SSL variant | SSL port |
---|---|---|---|---|
SMTP | Send email | 25/587 | SMTPS | 465 (legacy)[5] |
POP3 | Retrieve email | 110 | POP3S | 995 |
IMAP | Read email | 143 | IMAPS | 993 |
NNTP | News reader | 119/433 | NNTPS | 563 |
LDAP | Directory Access | 389 | LDAPS | 636 |
FTP | File transfer | 21 | FTPS | 990 |
Weaknesses and mitigations
Because the negotiation takes place in plain text and the encryption is opportunistic, an attacker in control of the network can remove the STARTTLS capability from the server's EHLO reply (or answer the client's STARTTLS command with an error), and a client that treats TLS as optional silently falls back to sending the user's emails in plain text. This is known as a STRIPTLS attack. In September 2014, major email providers in Thailand were subject to such large-scale attacks.[6] In October 2014 Cricket Wireless, a subsidiary of AT&T, was found by the VPN provider Golden Frog to be doing this with Cisco[7] devices on its network in an attempt to inspect emails and block spam.[8][9]
DNS-based Authentication of Named Entities (DANE; RFC 7672 for SMTP) lets a receiving domain publish a DNSSEC-signed TLSA record stating that its mail servers support TLS and which certificate or issuer to expect. A sending MTA that finds such a record refuses to deliver without a validated TLS session, so a stripped STARTTLS becomes a hard failure instead of a silent downgrade. The STARTTLS Everywhere project from the Electronic Frontier Foundation works in a similar way, distributing a preloaded list of domains known to support STARTTLS rather than relying on DNS. MTA-STS (RFC 8461) addresses the same attack for domains without DNSSEC by publishing the policy over HTTPS and caching it at the sender.
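The dialog from the Layering section and the STRIPTLS downgrade described here, as one added example (not code from the page or from any of the providers, vendors or projects it names): a Python simulation of the RFC 3207 exchange with a scripted server, a client that either tolerates or requires STARTTLS, and an optional man-in-the-middle that deletes the STARTTLS capability from the cleartext EHLO reply. The TLS handshake is modelled as a flag rather than a real negotiation, the server's reply set and the `opportunistic`/`require` policy names are this example's own, and the AUTH credentials are a constructed `alice`/`secret` pair.

```python
"""Simulated SMTP STARTTLS dialog in the style of RFC 3207, with an optional
STRIPTLS man-in-the-middle.  Added example: everything runs in-process, no
sockets are opened, and the TLS handshake is modelled as a flag, not a real
negotiation.  Host names and the 'warm hug' banner come from the RFC 3207
example; the policy names 'opportunistic' / 'require' are this example's own."""


class SmtpServer:
    """Scripted server: answers EHLO, STARTTLS, AUTH and QUIT, and records which
    commands arrived before and after the channel was encrypted."""

    def __init__(self, hostname="mail.example.org"):
        self.hostname = hostname
        self.tls = False
        self.seen = []  # (command, tls_active) for each command received

    def greeting(self):
        return ["220 %s ESMTP service ready" % self.hostname]

    def handle(self, line):
        cmd = line.split(" ", 1)[0].upper()
        self.seen.append((cmd, self.tls))
        if cmd == "EHLO":
            caps = ["%s offers a warm hug of welcome" % self.hostname]
            if self.tls:
                caps.append("AUTH PLAIN")   # cleartext credentials: only over TLS
            else:
                caps.append("STARTTLS")     # must not be advertised once TLS is up
            # Multi-line reply: "250-" on every line except the last, "250 " on the last.
            return ["250-" + c for c in caps[:-1]] + ["250 " + caps[-1]]
        if cmd == "STARTTLS":
            return ["503 Bad sequence of commands"] if self.tls else ["220 Go ahead"]
        if cmd == "AUTH":
            return ["235 Authentication successful"] if self.tls else ["538 Encryption required"]
        if cmd == "QUIT":
            return ["221 Bye"]
        return ["500 Unrecognised command"]


def parse_ehlo(reply):
    """Return the set of extension keywords from a 250 multi-line EHLO reply."""
    if not reply or not all(l.startswith("250") for l in reply) or not reply[-1].startswith("250 "):
        raise ValueError("malformed EHLO reply: %r" % (reply,))
    return {l[4:].split()[0].upper() for l in reply[1:]}   # line 0 is the greeting


def striptls(reply):
    """STRIPTLS attacker: drop the STARTTLS keyword from a cleartext server reply,
    keeping the multi-line reply well-formed so the client notices nothing."""
    kept = [l for l in reply if l[4:].split()[:1] != ["STARTTLS"]]
    if kept and kept[-1].startswith("250-"):
        kept[-1] = "250 " + kept[-1][4:]
    return kept


def client_session(server, policy="opportunistic", mitm=None):
    """Run the client side of the RFC 3207 dialog against `server`.

    policy: "opportunistic" continues in cleartext when STARTTLS is not offered;
            "require" aborts instead.
    mitm:   optional function rewriting replies while the channel is cleartext;
            once TLS is up the attacker no longer sees or alters anything.
    Returns a dict with the outcome and the full transcript."""
    transcript = []

    def recv(reply):
        if mitm is not None and not server.tls:
            reply = mitm(reply)
        transcript.extend("S: " + l for l in reply)
        return reply

    def send(line):
        transcript.append("C: " + line)
        return recv(server.handle(line))

    recv(server.greeting())
    caps = parse_ehlo(send("EHLO client.example.org"))
    if "STARTTLS" in caps:
        if send("STARTTLS")[0].startswith("220"):
            transcript.append("C & S: <negotiate a TLS session>")
            server.tls = True   # stands in for the real handshake and certificate check
            # RFC 3207 s.4.2: both sides forget everything learnt in cleartext and
            # the client re-issues EHLO over the encrypted channel.
            caps = parse_ehlo(send("EHLO client.example.org"))
    elif policy == "require":
        send("QUIT")
        return {"tls": False, "aborted": True, "caps": caps, "transcript": transcript}
    if "AUTH" in caps:
        # Constructed credentials: base64 of "\0alice\0secret". Only ever sent
        # here because AUTH is advertised solely on the encrypted channel.
        send("AUTH PLAIN AGFsaWNlAHNlY3JldA==")
    return {"tls": server.tls, "aborted": False, "caps": caps, "transcript": transcript}


if __name__ == "__main__":
    for label, policy, attacker in [("honest network", "opportunistic", None),
                                    ("STRIPTLS, opportunistic client", "opportunistic", striptls),
                                    ("STRIPTLS, client requires TLS", "require", striptls)]:
        result = client_session(SmtpServer(), policy, attacker)
        print("== %s: tls=%s aborted=%s" % (label, result["tls"], result["aborted"]))
        print("\n".join(result["transcript"]))
```

Running it prints the three transcripts. The point to notice is that the attacker edits exactly one cleartext line and the opportunistic client then completes the session without any error; the client that requires TLS fails closed, but it cannot distinguish a downgrade attack from a server that genuinely lacks TLS, which is the gap DANE and MTA-STS close by telling the sender in advance that TLS must be there. Against a live server the same pre-TLS dialog can be watched with `openssl s_client -starttls smtp -connect mail.example.org:25`, and Postfix expresses the two client policies as `smtp_tls_security_level = may` and `encrypt`.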
Popularity
Following the revelations made by Edward Snowden about global mass surveillance, popular email providers have improved their email security by enabling STARTTLS.[10] Facebook reported that after enabling STARTTLS and encouraging other providers to do the same, 95% of Facebook's outbound email was encrypted with both perfect forward secrecy and strict certificate validation.[11]
Mainstream providers that employ STARTTLS
- Amazon.com[12]
- Comcast.net[13]
- Dropbox.com[12]
- Facebook.com[12]
- Google.com[12] (Gmail)
- Microsoft.com[12] (Outlook)
- Sonic.net[12]
- Spideroak.com[12]
- Yahoo.com[12]
References
- ↑ RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2.
- ↑ RFC 3207, SMTP Service Extension for Secure SMTP over Transport Layer Security.
- ↑ The last line in the example was added for clarity; see e.g. the mailing-list thread cited in the original article [citation text not recoverable in this copy].
- ↑ Dovecot SSL documentation: http://wiki2.dovecot.org/SSL
- ↑ Port assignment has been revoked. [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
- ↑ [citation text not recoverable in this copy]
External links
- SMTP TLS Tests and Tools (the "Receiver Test" shows dialogs like the one above)
- Verify if a receiving domain has STARTTLS enabled and with which security level