
The Pentagon Says It Will Start Encrypting Soldiers' Emails Next Year (vice.com) 63

An anonymous reader shares a Motherboard report: Basic decade-old encryption technology is finally coming to Pentagon email servers next year. For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet. That technology, technically known as STARTTLS, isn't a cutting edge development -- it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015, the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users. But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA. DISA's promise comes months after Senator Ron Wyden (D-Oregon) said he was concerned that the agency wasn't taking advantage of "a basic, widely used, easily-enabled cybersecurity technology."

  • Available Encryption (Score:5, Informative)

    by Frosty Piss ( 770223 ) * on Friday July 07, 2017 @01:22PM (#54764863)

    None of this, of course, is to say that encryption of email itself has been unavailable. Indeed I use the credentials on my CAC (Common Access Card) to encrypt most if not all of my email before sending it.

    • Re: (Score:1, Funny)

      by Anonymous Coward
      I was about to be aghast as the article implies there's been "no security"

      Shoulda remembered I was reading a slashdot post...
    • by Anonymous Coward

      So every single military transaction is prone to human error and or complacency. This isn't a nuanced criticism. It is in fact damning.

      • So every single military transaction is prone to human error and or complacency.

        Why? You're making a huge ASS umption that most if not all people who send sensitive email are not like me. Of course I work for the Air Force where people are intelligent, but the idea that the DoD is populated by morons is a stereotype perpetuated by people who have never had meaningful interaction with very many people who work for the DoD.

        • The average person is barely above the level of moron and half of them are dumber than that. I start with the assumption everyone is an idiot and wait until proven wrong on a case by case basis. Yes I include myself in that. While I generally learn from my mistakes after 40 years I still find instances of what was I Thinking when I recently did X.

          It isn't that there are not smart people at the DOD. It is the average is well average. And that doesn't fill me with confidence. I work with smart people. Peopl

          • It isn't that there are not smart people at the DOD. It is the average is well average. And that doesn't fill me with confidence. I work with smart people. People who have used computers for 20 years. And I still have to explain basic file handling and email concepts to them. It is even more baffling when OCD organized people, people who organize parts and clothes by size color and shape, have 100 files and folders on their "desktop" computer and can never find what they are looking for.

            I understand your point.

            I work exclusively with pilots, most of whom are Academy grads as well as having advanced degrees, mostly science but it varies, from well known schools.

            So my exposure is probably skewed. The "rank and file" actually have to do fairly regular computer security and safety training to maintain network access, but absorbing the essentials is a variable.

            I can not speak for the Army or other DoD departments, only mine, which in general is made up of educated people.

            - Frosty

    • This tells me that the Pentagon could care less about the security of the U.S. soldiers' emails until now, 2017.
    • by Anonymous Coward

      The article is full of issues. #1, the MAIL.MIL system is what they are talking about and the connections it makes with "external" MTAs.
      Internally, mail has been routed over SSL/STARTTLS connections. The Exchange servers before the DEE migration also used secure relay for messages.

      Mail items themselves have been encrypted using CAC cards and probably one of the largest implemented PKI infrastructures out there. In fact, the DoD PKI/PKE is so large and expensive (cards are $30+ each and routinely get burned

  • by Anonymous Coward

    It is here:

    The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users

    What could possibly go wrong?

  • "which is hosted on the cloud "

    Ah, yes, "the cloud". Like there is just one. Thanks for the specifics. Does anyone know the details here; is the military really using AWS for email hosting?

  • How email works.... (Score:2, Informative)

    by Anonymous Coward

    ...I think people have misconceptions about how exactly email works. It's not bounced around from server to server until it gets to its destination.

    It's delivered directly to whichever server(s) you specified in your domain's MX record. So emails cannot simply be intercepted by whomever just like that.

    However by default it is sent as clear text, which means in theory your Tier 3 (your ISP), tier 2 and tier 1 providers could intercept those emails since the packets have to pass through their networking eq

    • Re: (Score:2, Informative)

      by Anonymous Coward

      > So emails cannot simply be intercepted by whomever just like that.

      It absolutely can be intercepted by whomever just like that. Just because email doesn't bounce around at the application level doesn't mean packets don't bounce around at the transport level. Do a traceroute between mail servers. Any one of those routers (and any devices in between them that silently pass packets) can be compromised. Any link in between them can be compromised. Don't say it can't happen. The government at least already h

    • If you are sharing top secret or confidential military info , you should be encrypting every email you send via your email client, regardless if the servers transmit it in clear text or not.

      ^ This.

      Nobody should rely on STARTTLS actually working anywhere, any time, especially in countries like Australia where ISPs are legally required to MITM all SMTP connections on behalf of the United States "intelligence" services. ISPs do this with proxy appliances that remove the STARTTLS capability from the origin serv

  • by hackel ( 10452 )

    They're talking about *personal* emails, right? Surely they aren't *that* incompetent that they're sending official communications over unencrypted email? PLEASE tell me they're not that stupid...

    • Re:Um... (Score:4, Informative)

      by jeff4747 ( 256583 ) on Friday July 07, 2017 @02:40PM (#54765419)

      DoD networking isn't quite the same as what's available to the rest of us.

      "Normal" stuff goes over something called NIPRNet. It uses Internet protocols and is connected to the Internet via a few gateways, but if you are emailing from .mil to .mil, it stays on NIPRNet. So it's a bit like emailing another employee at work - The message stays within your employer's network so it's hard(er) to MITM.

      Important things go over SIPRNet, JWICS or another more secure network. Encryption in-transit over those networks has been standard since those networks were built, and is done via hardware devices.

    • Yes, you should not send official communications unencrypted. But even sending personal information unencrypted may be bad. If one person emails his wife saying that he is stationed at base X then that is no big deal. But if a thousand people say that they just got stationed at base X within a short period of time then that might be bad. There is a reason why during WWII before d-day they officially put Patton in charge of an inflatable and fake army. They were trying to convince Hitler that Patton's attack

    • by AHuxley ( 892839 )
      It would depend on who is talking or emailing. Who, why and how could be of great interest to other nations.
      What could go wrong?
      Someone on a ship sends an email home with the final server being a very average for profit .com in the USA?
      Some faith or cult member or dual citizen makes a copy of all .mil related material as they got work deep in the .com and have total trusted access for work?
      Another nation slowly builds a database of all in use .mil accounts (via some external agency or cover .com or outs
  • by Anonymous Coward

    Most SMTP servers that implement STARTTLS don't even bother to verify the certificate presented to them by the remote host. Pretty trivial to MITM this traffic. This is basically the equivalent of putting a crapton of post cards in a lock box with a skeleton key. It'll keep honest people from reading your mail... that's about it.

    The real solution is to encrypt the CONTENTS of the email using something like S/MIME or GPG.
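An added example, not part of any comment in this thread and not code from any mail server: it models the two weaknesses the comments above describe, a sending MTA that falls back to clear text when the STARTTLS keyword is missing from the EHLO reply, and a TLS context that encrypts without checking the peer certificate, each next to the stricter setting. The EHLO replies, host name and function names are constructed for illustration.

```python
import ssl

# Constructed EHLO replies (not captured traffic): the first is what the
# receiving server sends, the second is the same reply after a middlebox
# has removed the STARTTLS line.
EHLO_INTACT = ["250-mx.example.org", "250-SIZE 52428800",
               "250-STARTTLS", "250 8BITMIME"]
EHLO_STRIPPED = ["250-mx.example.org", "250-SIZE 52428800", "250 8BITMIME"]


def parse_ehlo(lines):
    """Return the set of extension keywords from a multi-line 250 reply."""
    keywords = set()
    for line in lines[1:]:              # first line is the server greeting
        if not line.startswith("250"):
            continue
        parts = line[4:].split()        # skip "250-" or "250 "
        if parts:
            keywords.add(parts[0].upper())
    return keywords


def delivery_decision(ehlo_lines, require_tls):
    """Decide what a sending MTA does with this peer.

    require_tls=False models opportunistic STARTTLS: if the keyword is
    missing, the message silently goes out in clear text.
    require_tls=True models a sender that defers the message instead.
    """
    if "STARTTLS" in parse_ehlo(ehlo_lines):
        return "starttls"
    return "defer" if require_tls else "plaintext"


def unverified_context():
    """TLS context that encrypts but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context():
    """TLS context that validates the chain and the host name."""
    return ssl.create_default_context()
```

With the stripped reply, only the `require_tls=True` sender notices anything wrong; the opportunistic sender delivers in clear text without an error.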

  • Oooooohhhhhmmmmmm

    ps I actually loved Notes specifically because it was so damn secure. Hard and expensive to manage, so the bean counters didn't agree with me.

    • Notes at least gave everyone their own private key that was used for everything.

      My question is, can S/MIME, or even Symantec's PGP fill in this gap for secure E-mail? Symantec's PGP had the ability to use ADK (additional decryption keys) for recovery, and work pretty well. It would be another add-on to Outlook, but done right, a compromise of a mail server would be mitigated by doing this.

      • Depending on how the PGP server is set up it can also proxy the connection and do the encryption on the server itself, a lot of companies are set up that way. The encryption server sits between the MTA and the mail gateway or the Internet and encrypts/decrypts on the fly so compromising the mail server still would give the attacker access to plaintext messages. Actually encrypting mail is a solved problem, the problem is with key exchange. Despite many attempts at searchable keyservers and different keys

  • by Train0987 ( 1059246 ) on Friday July 07, 2017 @02:30PM (#54765367)
    Only the connection between the mail client and the mail server is encrypted. Once it leaves the mail server to go to the recipient it is no longer encrypted.
    • That makes no sense. I suppose you're talking about once it leaves one mail server to go to another mail server it is no longer encrypted. But that scenario is only relevant if you're going to another server you don't control. That is not likely the case here.

      • It makes perfect sense. In most use cases the only encryption is between the mail client and its server. When you send an email from your client it goes to your server and then to the recipient's mail server (based on the recipient's MX record). With STARTTLS the only "secure" connection is between your mail client and your mail server. Your mail server will almost always then send it out to the recipient on their wire in plain text. That's how email works, and has worked for 50 years. TLS is really ju
        • When you send an email from your client it goes to your server and then to the recipient's mail server

          Your connection to the server is encrypted. If your recipient is on the same server then no further transmission is necessary. If your recipient is within an internal network whose servers you can control then the further transmission can be encrypted if the admin chooses it to be. Then the only remaining piece is to read the mail using encryption. And that is precisely what is happening in this case.

          Your mail server will almost always then send it out to the recipient on their wire in plain text.

          Get with the times. Email servers these days will "almost always" send out to the recipient using encrypti

  • by XSportSeeker ( 4641865 ) on Friday July 07, 2017 @02:48PM (#54765467)

    Are they demanding a backdoor to be built on those too?

  • Pedophiles. Think of the children.
