Simple Mail Transfer Protocol
====STARTTLS or "Opportunistic TLS"====
{{Main|Opportunistic TLS|Email encryption}}

The STARTTLS extension enables supporting SMTP servers to notify connecting clients that they support [[Transport Layer Security|TLS]] encrypted communication, and offers clients the opportunity to upgrade their connection by sending the STARTTLS command. Servers supporting the extension do not inherently gain any security benefit from implementing it, as upgrading to a [[Transport Layer Security|TLS]] encrypted session depends on the connecting client deciding to exercise this option, hence the term [[Opportunistic TLS|''opportunistic'' TLS]].

STARTTLS is effective only against passive observation attacks, since the STARTTLS negotiation happens in plain text and an active attacker can trivially remove STARTTLS commands. This type of [[man-in-the-middle attack]] is sometimes referred to as [[STRIPTLS]], where the encryption negotiation information sent from one end never reaches the other. In this scenario both parties take the invalid or unexpected responses as an indication that the other does not properly support STARTTLS, and default to traditional plain-text mail transfer.<ref name=":0">{{Cite web|url=https://www.hardenize.com/blog/mta-sts|title=Introducing MTA Strict Transport Security (MTA-STS) {{!}} Hardenize Blog|website=www.hardenize.com|access-date=2019-04-25|archive-date=April 25, 2019|archive-url=https://web.archive.org/web/20190425063147/https://www.hardenize.com/blog/mta-sts|url-status=live}}</ref> Note that STARTTLS is also defined for [[Internet Message Access Protocol|IMAP]] and [[Post Office Protocol|POP3]] in other RFCs, but these protocols serve different purposes: SMTP is used for communication between message transfer agents, while IMAP and POP3 are for end clients and message transfer agents.

In 2014 the [[Electronic Frontier Foundation]] began the "STARTTLS Everywhere" project that, similarly to the "[[HTTPS Everywhere]]" list, allowed relying parties to discover others supporting secure communication without prior communication. The project stopped accepting submissions on 29 April 2021, and EFF recommended switching to [[DNS-based Authentication of Named Entities|DANE]] and MTA-STS for discovering information on peers' TLS support.<ref>{{cite web |title=STARTTLS Everywhere |url=https://starttls-everywhere.org/ |publisher=EFF |access-date=4 December 2021 |language=en |archive-date=August 9, 2019 |archive-url=https://web.archive.org/web/20190809085808/https://www.starttls-everywhere.org/ |url-status=live }}</ref> {{IETF RFC|8314|}} officially declared plain text obsolete and recommended always using TLS for mail submission and access, adding ports with implicit TLS.
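
The following added example (not part of the original article) shows, from the sending client's side, why a missing STARTTLS line leads to plain-text delivery under opportunistic TLS and how a client that already holds a TLS requirement for the domain, for instance from MTA-STS or DANE, refuses instead. The names <code>parse_ehlo</code>, <code>decide</code> and <code>require_tls</code> are hypothetical, and the EHLO replies are constructed samples.

```python
from __future__ import annotations

# Constructed EHLO replies (not captured traffic). The second is what a client
# sees when the STARTTLS line never reaches it.
EHLO_INTACT = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords advertised in a 250 EHLO reply."""
    keywords = set()
    # The first line carries the server's domain/greeting, not an extension.
    for line in reply.strip().splitlines()[1:]:
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if rest.strip():
            keywords.add(rest.split()[0].upper())
    return keywords


def decide(ehlo_reply: str, starttls_reply: str | None, require_tls: bool) -> str:
    """Return 'tls', 'plaintext' or 'abort' for one delivery attempt.

    starttls_reply is the server's answer to the STARTTLS command, or None
    if the command was never sent because the extension was not offered.
    require_tls is an assumed flag for a policy learned out of band.
    """
    offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    accepted = offered and starttls_reply is not None and starttls_reply.startswith("220")
    if accepted:
        return "tls"
    # Opportunistic clients fall back silently; a client holding a TLS policy
    # for this domain treats the same condition as a delivery failure.
    return "abort" if require_tls else "plaintext"


if __name__ == "__main__":
    for name, ehlo, reply in [("intact", EHLO_INTACT, "220 2.0.0 Ready to start TLS"),
                              ("stripped", EHLO_STRIPPED, None)]:
        for require_tls in (False, True):
            print(name, f"require_tls={require_tls}", "->", decide(ehlo, reply, require_tls))
```

A result of <code>tls</code> only means the handshake should proceed; certificate validation against the expected host name is a separate check that this example does not cover.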