View Full Version : O365 "secure" email



AndersG
11-Apr-2019, 18:11
Seriously.. What is the point? We have had TLS for SMTP > 10 years so
email between responsible parties is encrypted in transit.

All this adds is an extra level of hassle and no benefit?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

ketter
11-Apr-2019, 21:16
On Thu, 11 Apr 2019 17:11:05 GMT, Anders Gustafsson
<andersg@no-mx.forums.microfocus.com> wrote:

>Seriously.. What is the point? We have had TLS for SMTP > 10 years so
>email between responsible parties is encrypted in transit.
>
>All this adds is an extra level of hassle and no benefit?

What are you referring to?

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html

AndersG
12-Apr-2019, 09:18
KeN Etter,
> What are you referring to?

When people send an "encrypted" email from O365 you get a link to
log in. There you can log in with O365 credentials or via a one-time
password mailed to your mail address. What extra protection does that
give?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

mrosen
12-Apr-2019, 09:51
On 12.04.2019 10:18, Anders Gustafsson wrote:
> KeN Etter,
>> What are you referring to?
>
> When people send an "encrypted" email from O365 you get a link to
> log in. There you can log in with O365 credentials or via a one-time
> password mailed to your mail address. What extra protection does that
> give?
>
LOL

--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

ScorpionSting
12-Apr-2019, 10:34
AndersG;2498252 Wrote:
> KeN Etter,
> > What are you referring to?
>
> When people send an "encrypted" email from O365 you get a link to
> log in. There you can log in with O365 credentials or via a one-time
> password mailed to your mail address. What extra protection does that
> give?

The recipient has to be really really keen to read your email....that's
the protection :D


--
Visit my 'Website' (https://www.isag.melbourne/) for links to
Cool Solution articles.

Dave Howe
12-Apr-2019, 10:53
On 11/04/2019 18:11, Anders Gustafsson wrote:
> Seriously.. What is the point? We have had TLS for SMTP > 10 years so
> email between responsible parties is encrypted in transit.
>
> All this adds is an extra level of hassle and no benefit?

It's an oracle-based encryption system meant to compete with Cisco's
CRES offering (and PGP Universal Gateway, ZixMail and similar), which
traditionally can be used with on-premise Exchange, but obviously not O365.

TLS for SMTP can be trivially broken in MITM attacks by hiding the
"STARTTLS" offer during ehlo. Cisco routers certainly used to do that
by default (INSPECT ESMTP), which is irritating. Almost no SMTP senders
insist on TLS.
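
Added example, not part of the post above: a sender-side check showing why a hidden STARTTLS offer silently downgrades an opportunistic sender while a sender that insists on TLS queues the mail instead. The EHLO replies are constructed, the function names are hypothetical, and the filler-keyword pattern used to flag rewriting in transit is an assumption about what a masked offer looks like.

```python
import re

# Constructed EHLO replies (not captured traffic). EHLO_MASKED is the clean
# reply with the STARTTLS keyword overwritten; EHLO_ABSENT has it removed.
EHLO_CLEAN = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250-8BITMIME\r\n"
    "250 PIPELINING\r\n"
)
EHLO_MASKED = EHLO_CLEAN.replace("250-STARTTLS", "250-XXXXXXXA")
EHLO_ABSENT = EHLO_CLEAN.replace("250-STARTTLS\r\n", "")

# Assumption: a keyword overwritten with filler characters suggests the
# reply was rewritten between the server and us.
MASKED_KEYWORD = re.compile(r"^X{4,}[A-Z]?$")


def ehlo_keywords(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = []
    for line in reply.splitlines()[1:]:  # first line is the greeting
        match = re.match(r"^250[ -](\S+)", line)
        if match:
            keywords.append(match.group(1).upper())
    return keywords


def delivery_decision(reply, require_tls):
    """Return 'starttls', 'plaintext' or 'defer' for this EHLO reply."""
    if "STARTTLS" in ehlo_keywords(reply):
        return "starttls"
    # No offer seen: an opportunistic sender falls back without any warning,
    # a sender that insists on TLS keeps the message queued and alerts.
    return "defer" if require_tls else "plaintext"


def tamper_suspected(reply):
    """True if any advertised keyword looks overwritten rather than absent."""
    return any(MASKED_KEYWORD.match(k) for k in ehlo_keywords(reply))
```

A missing offer alone (EHLO_ABSENT) is indistinguishable from a server that never supported TLS, which is why only the require_tls policy, not the detection heuristic, actually closes the gap.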

AndersG
12-Apr-2019, 12:50
ScorpionSting,
> The recipient has to be really really keen to read your email....that's
> the protection :D

So true :)

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

AndersG
12-Apr-2019, 12:50
Dave Howe,
> TLS for SMTP can be trivially broken in MITM attacks by hiding the
> "STARTTLS" offer during ehlo.

That is true, but what additional protection does the O365-way give?
None IMHO.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

ketter
12-Apr-2019, 15:31
On Fri, 12 Apr 2019 08:18:08 GMT, Anders Gustafsson
<andersg@no-mx.forums.microfocus.com> wrote:

>KeN Etter,
>> What are you referring to?
>
>When people send an "encrypted" email from O365 you get a link to
>log in. There you can log in with O365 credentials or via a one-time
>password mailed to your mail address. What extra protection does that
>give?

:-)

--
Ken
Knowledge Partner

Dave Howe
18-Apr-2019, 14:04
On 12/04/2019 12:50, Anders Gustafsson wrote:
> Dave Howe,
>> TLS for SMTP can be trivially broken in MITM attacks by hiding the
>> "STARTTLS" offer during ehlo.
>
> That is true, but what additional protection does the O365-way give?
> None IMHO.

A little, but very little. The same is true of the other offerings I
mentioned though; MS is offering this to compete in a market, and is not
noticeably worse than most (although I note PGP Universal *will* allow
you to log onto it and upload your PGP key, so future emails are
conventionally encrypted with PGP, rather than using their "oracle" system.)