Results 1 to 10 of 10

Thread: O365 "secure" email

  1. #1

    O365 "secure" email

    Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    email between responsible parties is encrypted in transit.

    All this adds is an extra level of hassle and no benefit?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  2. #2

    Re: O365 "secure" email

    On Thu, 11 Apr 2019 17:11:05 GMT, Anders Gustafsson
    <andersg@no-mx.forums.microfocus.com> wrote:

    >Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    >email between responsible parties is encrypted in transit.
    >
    >All this adds is an extra level of hassle and no benefit?


    What are you referring to?

    --
    Ken
    Knowledge Partner

    Create and vote for enhancements!
    https://www.microfocus.com/products/...t-request.html

  3. #3

    Re: O365 "secure" email

    KeN Etter,
    > What are you referring to?


    When people send an "encrypted" email from O365 you get a link to
    login. There you can log in with O365 credentials or via an one-time
    password mailed to your mailaddress. What extra protection does that
    give?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  4. Re: O365 "secure" email

    On 12.04.2019 10:18, Anders Gustafsson wrote:
    > KeN Etter,
    >> What are you referring to?

    >
    > When people send an "encrypted" email from O365 you get a link to
    > login. There you can log in with O365 credentials or via an one-time
    > password mailed to your mailaddress. What extra protection does that
    > give?
    >

    LOL

    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de

  5. Re: O365 "secure" email


    AndersG;2498252 Wrote:
    > KeN Etter,
    > > What are you referring to?

    >
    > When people send an "encrypted" email from O365 you get a link to
    > login. There you can log in with O365 credentials or via an one-time
    > password mailed to your mailaddress. What extra protection does that
    > give?
    >
    > --
    > Anders Gustafsson (NKP)
    > The Aaland Islands (N60 E20)
    >
    > Have an idea for a product enhancement? Please visit:
    > https://www.novell.com/products/enha...t-request.html


    The recipient has to be really really keen to read your email....that's
    the protection


    --
    Visit my 'Website' (https://www.isag.melbourne/) for links to
    Cool Solution articles.
    ------------------------------------------------------------------------
    ScorpionSting's Profile: https://forums.novell.com/member.php?userid=1663
    View this thread: https://forums.novell.com/showthread.php?t=511938


  6. #6
    Dave Howe NNTP User

    Re: O365 "secure" email

    On 11/04/2019 18:11, Anders Gustafsson wrote:
    > Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    > email between responsible parties is encrypted in transit.
    >
    > All this adds is an extra level of hassle and no benefit?


    it's an oracle based encryption system meant to compete with cisco's
    CRES offering (and pgp universal gateway, zixmail and similar) which
    traditionally can be used with on-premise exchange, but obviously not o365.

    TLS for SMTP can be trivially broken in MITM attacks by hiding the
    "STARTTLS" offer during ehlo. Cisco routers certainly used to do that
    by default (INSPECT ESMTP) which is irritating. Almost no SMTP senders
    insist on TLS.


  7. #7

    Re: O365 "secure" email

    ScorpionSting,
    > The recipient has to be really really keen to read your email....that's
    > the protection


    So true

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  8. #8

    Re: O365 "secure" email

    Dave Howe,
    > TLS for SMTP can be trivially broken in MITM attacks by hiding the
    > "STARTTLS" offer during ehlo.


    That is true, but what additional protection does the O365-way give?
    None IMHO.

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  9. #9

    Re: O365 "secure" email

    On Fri, 12 Apr 2019 08:18:08 GMT, Anders Gustafsson
    <andersg@no-mx.forums.microfocus.com> wrote:

    >KeN Etter,
    >> What are you referring to?

    >
    >When people send an "encrypted" email from O365 you get a link to
    >login. There you can log in with O365 credentials or via an one-time
    >password mailed to your mailaddress. What extra protection does that
    >give?


    :-)

    --
    Ken
    Knowledge Partner

    Create and vote for enhancements!
    https://www.microfocus.com/products/...t-request.html

  10. #10
    Dave Howe NNTP User

    Re: O365 "secure" email

    On 12/04/2019 12:50, Anders Gustafsson wrote:
    > Dave Howe,
    >> TLS for SMTP can be trivially broken in MITM attacks by hiding the
    >> "STARTTLS" offer during ehlo.

    >
    > That is true, but what additional protection does the O365-way give?
    > None IMHO.


    a little, but very little. The same is true of the other offerings I
    mentioned though; MS is offering this to compete in a market, and is not
    noticeably worse than most (although I note pgp universal *will* allow
    you to log onto it and upload your pgp key, so future emails are
    conventionally encrypted with pgp, rather than using their "oracle" system.)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •