Google: TLS is not enough

Feb 12, 2016

We welcome Google’s announcement that they will be making secure email transport information available to users. Securing internet services, and particularly email, from pervasive monitoring by governments and criminals is vital to maintaining public trust in those services.

Open-Xchange recently hosted a Trusted Email Services roundtable in London where service providers from across Europe discussed how best to use open standards to secure email. While we support Google’s decision to make TLS transport encryption more visible to end-users, we also strongly recommend that they and other providers start to implement more rigorous standards such as DNSSEC and DANE to ensure that the email transport is fully secure. Although opportunistic TLS is more secure than cleartext transport, it is still subject to downgrade attacks and DNS spoofing, meaning it can lead users into a false sense of security.

Additionally, TLS is just one piece of the privacy and security puzzle; end-to-end encryption, such as that provided by OpenPGP, is also an extremely important tool for privacy protection, particularly when combined with secure transport – as Google themselves notes.

Together with the other software vendors and service providers in the Trusted Email Services initiative we take the view that by working together to make services secure, we can maintain public trust in those services.

 

About the author

Neil Cook

Neil Cook

PowerDNS Head of Product

Related Articles

Another great CloudFest has passed…

Last week, the Open-Xchange team was at Europa-Park in Rust, Germany for CloudFest 2023. It was a very different event to...

Thorsten Einig Mar 30, 2023

PowerDNS @ Network X 2022

This year, for the first time, Network X took place in Amsterdam, the Netherlands. As a new format, Network X combines the...

Cord Stukenberg Oct 25, 2022

OX @ Events in 2020

Following on the success of various events in 2019, we plan to continue the momentum into 2020 with a number of exciting...

John Broomfield Feb 14, 2020

Open-Xchange at FOSDEM 2020: When will messaging via email crash...

In February Open-Xchange are returning to Brussels for FOSDEM, Europe’s leading gathering of the open source community. A...

Robert Virkus Jan 16, 2020