Saturday, May 09, 2009

Email Providers - Half a TLS Solution

Recently a person I had problems emailing due to issues with Postini told me that they were responding to my messages - but I am not getting them. I had looked up this person's mail server information and it looks as though that mail server supports TLS. However, apparently that is only TLS inbound, and not outbound.

What is the point of mail services that only provide one-way TLS encryption? That's only half a solution.
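The inbound/outbound split described above can be seen from the receiving side by reading the Received headers of a delivered message, since each receiving server records how it accepted the message. The following is an added example, not part of the original post; the host names and the sample message are constructed, and detection assumes the RFC 3848 "with ESMTPS" keyword or the TLS version comment that many mail servers write.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords: an "S" suffix records that the hop used STARTTLS.
WITH_RE = re.compile(
    r"\bwith\s+(?:E?SMTP|LMTP|UTF8SMTP|UTF8LMTP)(?P<tls>S?)A?\b", re.I)
# Many MTAs also note the negotiated version, e.g. "(using TLSv1 ...)".
TLS_NOTE_RE = re.compile(r"\b(?:TLSv?\d[\d._]*|SSLv\d)\b", re.I)
FROM_BY_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def hop_tls(received):
    """Return (from_host, by_host, used_tls) for one Received header value."""
    text = " ".join(received.split())  # unfold continuation lines
    m = FROM_BY_RE.search(text)
    sender, receiver = (m.group(1), m.group(2)) if m else ("?", "?")
    w = WITH_RE.search(text)
    used_tls = bool(w and w.group("tls")) or bool(TLS_NOTE_RE.search(text))
    return sender, receiver, used_tls

def audit(raw_message):
    """List hops in delivery order; headers are prepended, so reverse them."""
    msg = message_from_string(raw_message)
    return [hop_tls(h) for h in reversed(msg.get_all("Received", []))]

# Constructed sample: the sender's server hands off in plaintext (outbound
# without TLS), while the last hop into the recipient's server uses TLS.
SAMPLE = (
    "Received: from filter.example (filter.example [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTPS id abc123\n"
    "\t(using TLSv1); Sat, 09 May 2009 10:00:05 -0600\n"
    "Received: from mail.sender.example (mail.sender.example [198.51.100.7])\n"
    "\tby filter.example with ESMTP id def456;\n"
    "\tSat, 09 May 2009 10:00:01 -0600\n"
    "From: a@sender.example\n"
    "To: b@recipient.example\n"
    "Subject: reply\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for sender, receiver, used_tls in audit(SAMPLE):
        print(f"{sender} -> {receiver}: {'TLS' if used_tls else 'PLAINTEXT'}")
```

Received headers are self-reported by each hop, so only the ones added by servers you control or trust are reliable evidence.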

I believe the mail provider in this case is BlueHost - an ISP which I believe is out of Denver - however there are so many other webmail and Exchange and other mail solutions that do not provide two-way TLS encryption it is almost impossible to find a complete end to end solution.

In fact, if you try to find a mail provider that does provide two-way TLS enforcement that works with Exchange and allows you to have your own Postini account...good luck.

On top of that, even if you find TLS enforcement both ways, I've been following the email list from the IETF on TLS, and apparently how each aspect of TLS is set up and implemented may affect whether or not the particular implementation of TLS is actually very secure. It's like a chain - and a chain is only as strong as its weakest link.

I'm not a TLS expert but I can figure out enough from reading what's going on to see that there may be one small piece of the TLS implementation that basically undermines the whole setup.