
E-mails sent via TLS are secure! Misconception or truth?

Once upon a time there was a milk technologist who had just produced a new type of cheese, the Frama-Cheese. He produced it in his dairy and wanted to sell it all over the world. He knew that his cheese had to remain unique so that he could continue to supply his customers with its unique and original enjoyment in the long term. But how could he make sure that his cheese would not be exchanged on the way from his dairy to the customer?

He thought: "Of course I have to get the cheese delivered by a trustworthy transport company. But what if the Frama-cheese is loaded from one truck to the next or even onto the ship? It could be that when the cheese is passed on, someone maliciously replaces the cheese, regardless of whether the transport company is considered safe." So the milk technologist concluded: "I have to hand over my Frama-cheese to the transport company packed in a secure case. This way, no one can exchange the delivery during the restacking process. I then let the end customer know separately how to open the case."

From the example into practice

Sending an e-mail message works much like our cheese example. The TLS (Transport Layer Security) protocol ensures that an e-mail message is encrypted on its way; in our example, TLS is the trustworthy transporter with his truck. Just as nobody can see the cheese inside the truck, nobody can read an e-mail message while it travels over TLS. TLS therefore plays an important role in securing e-mail communication. But what happens when the e-mail message is passed on or, like the cheese, reloaded? Suddenly, people who have no authority to do so can get to the cheese. The same happens with an e-mail message. TLS ensures encrypted transport but does not protect against unauthorized access when the e-mail message is transferred from one server to another. When the message reaches an intermediate server, it is effectively reloaded there: it is stored in plain text and can be viewed. To avoid this problem, the content of the e-mail message itself must be encrypted, i.e. transported in a secure container, much like the Frama-cheese. To open the encrypted message, the recipient then needs the corresponding key.

The difference between TLS 1.2 and TLS 1.3

Today (2020), many e-mails (approx. 90%) are already transported in encrypted form, but not all TLS is the same! The most commonly used version is TLS 1.2, but TLS 1.3 has been available since 2018 and further improves security when transporting e-mail messages. In version 1.3, old encryption algorithms have been removed and the protocol has been revised and simplified in many places. Administrators and developers can now make fewer mistakes when configuring the protocol, which significantly increases the security of version 1.3 compared to version 1.2.

But is an e-mail sent via TLS secure or not? The answer is yes and no. In transit, the message is secure, but it is still available in plain text on the intermediate servers and can be viewed by people with access to those systems. Furthermore, mail servers try to send messages with TLS 1.2, but if that fails, the messages are automatically sent with outdated versions of TLS or even in plain text, i.e. without TLS at all. This happens without any notice to the sender. It often occurs because the receiving mail server does not support TLS version 1.2, or does not support TLS at all.
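The silent fallback described above can be made visible after delivery by reading the `Received` headers each server adds. The following is an added example, not part of the original article or of any Frama product: it classifies every hop of a message as plaintext, outdated TLS or acceptable. The message, host names and addresses are constructed, and the format of the TLS version comment is an assumption, since each mail server writes it differently.

```python
import email
import re

# Constructed sample: three hops, newest Received header first (placeholder hosts).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbound.example.org with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 03 Mar 2020 10:00:03 +0100
Received: from relay.example.com (relay.example.com [198.51.100.5])
\tby mx.example.net with ESMTP id def456;
\tTue, 03 Mar 2020 10:00:02 +0100
Received: from client.example.com (client.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789
\t(version=TLS1 cipher=AES128-SHA);
\tTue, 03 Mar 2020 10:00:01 +0100
From: sender@example.com
To: rcpt@example.org
Subject: constructed test message

body
"""

# "by <host> ... with <protocol>": the protocol keyword comes from RFC 3848.
HOP = re.compile(r"\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)")
# Keywords ending in S or SA (ESMTPS, ESMTPSA, LMTPS, ...) mean the hop used TLS.
TLS_PROTO = re.compile(r"(?:UTF8)?(?:ESMTP|LMTP)SA?")
# Assumption: the MTA notes the version in a comment, e.g. "TLS1_3" or "TLSv1.2".
VERSION = re.compile(r"TLS\s*v?(\d)(?:[._](\d))?", re.I)

def audit_hops(raw, minimum=(1, 2)):
    """Return [(receiving_host, verdict)] ordered from first hop to last."""
    msg = email.message_from_string(raw)
    results = []
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())          # unfold the header
        hop, ver = HOP.search(text), VERSION.search(text)
        host = hop.group(1) if hop else "?"
        if not hop or not TLS_PROTO.fullmatch(hop.group(2).upper()):
            verdict = "plaintext"                # no TLS on this hop
        elif ver is None:
            verdict = "tls-unknown-version"
        else:
            found = (int(ver.group(1)), int(ver.group(2) or 0))
            verdict = "ok" if found >= minimum else "outdated-tls"
        results.append((host, verdict))
    return results

if __name__ == "__main__":
    for host, verdict in audit_hops(SAMPLE):
        print(f"{host:22} {verdict}")
```

`Received` lines written by servers outside your control can be forged, so rely only on the ones added by your own infrastructure.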

There are several solutions on the market that address both the encrypted transport and the encryption of the e-mail message itself. One of these solutions is Frama RMail, which can not only encrypt the transport of an e-mail message and the message content but has much more to offer. More information here: https://www.frama-rmail.com/en/rmail/

 
Bruno Stalder
Head of IT at Frama AG
