The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

pgpfan:starttls

Differences

This shows you the differences between two versions of the page.

pgpfan:starttls [2020/06/22 02:31] – created b.walzer
pgpfan:starttls [2021/11/23 12:56] (current) – [Checking for STARTTLS] highlight b.walzer
Line 13: Line 13:
 =====Bad News===== =====Bad News=====
  
-STARTTLS as implemented now is fairly easy to interfere with on the network. Someone who can change traffic on the network can force the email servers to downgrade to no encryption at all.+STARTTLS as implemented now is fairly easy to interfere with on the network. Someone who can change traffic on the network can force the email servers to downgrade to no encryption at all. If such interference is done on a wide scale it would be publicly noticed so such attacks would be directed against particular entities in most political environments.
  
 STARTTLS does not protect email on any email servers used. The operators of those servers have complete and easy access to your emails. STARTTLS does not protect email on any email servers used. The operators of those servers have complete and easy access to your emails.
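Review bot: The sentence added to the first "Bad News" paragraph states as fact that wide-scale interference "would be publicly noticed", without saying how it would be noticed or pointing to a source; soften it to "would likely be noticed" or add a reference. The sentence is also a run-on: split it before "so", and move "in most political environments" next to the claim it qualifies, because as written it is unclear whether it limits the noticing or the targeting of particular entities.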
Line 25: Line 25:
 In some cases it might be useful to know if STARTTLS is being used between you and a particular correspondent. That information is available in the header of the email. Search through the header information until you find the ''Received:'' section that corresponds to your email server (usually the first one). An example: In some cases it might be useful to know if STARTTLS is being used between you and a particular correspondent. That information is available in the header of the email. Search through the header information until you find the ''Received:'' section that corresponds to your email server (usually the first one). An example:
  
-<code email>+<code email [highlight_lines_extra="2"]>
 Received: from mail-dm6nam12olkn2107.outbound.protection.outlook.com ([40.93.27.101] helo=NAM12-DM6-obe.outbound.protection.outlook.com) Received: from mail-dm6nam12olkn2107.outbound.protection.outlook.com ([40.93.27.101] helo=NAM12-DM6-obe.outbound.protection.outlook.com)
         by mail.example.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)         by mail.example.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
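Review bot: The new highlight_lines_extra="2" option on the code tag pins the highlight to a line number rather than to content. Line 2 is currently the "by mail.example.com with esmtps" line, which is the one that carries the TLS version and cipher, but any later edit that adds or rewraps a line above it will move the highlight without warning. Consider also naming what to look for ("esmtps" and the parenthesised TLS details) in the sentence that introduces the example, so the reader does not depend on the highlight rendering.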
Line 37: Line 37:
  
 Because the email headers can be changed by someone interfering with the network connection a finding of "STARTTLS used" is not entirely definite. A finding of "STARTTLS not used" is quite definite. Because the email headers can be changed by someone interfering with the network connection a finding of "STARTTLS used" is not entirely definite. A finding of "STARTTLS not used" is quite definite.
 +
 +[[pgpfan:index|PGP FAN index]]
  
pgpfan/starttls.1592793068.txt.gz · Last modified: 2020/06/22 02:31 by b.walzer