Link to info about STARTTLS

This commit is contained in:
Bob Mottram 2014-11-11 21:14:26 +00:00
parent fc07be049b
commit 9213881f3f
2 changed files with 3 additions and 3 deletions

View File

@ -23,7 +23,7 @@ You should transfer any passwords to a password manager such as [[http://www.kee
To exit you can either just close the terminal or use *CTRL-x CTRL-c* followed by the *exit* command. To exit you can either just close the terminal or use *CTRL-x CTRL-c* followed by the *exit* command.
* Using Email * Using Email
** A technical note about email transport security ** A technical note about email transport security
Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are possible attacks against STARTTLS in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties. Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are [[https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks][possible attacks against STARTTLS]] in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
** Add a password to your GPG key ** Add a password to your GPG key
If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password. If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.

View File

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<title></title> <title></title>
<!-- 2014-10-27 Mon 22:46 --> <!-- 2014-11-11 Tue 21:13 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" /> <meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" /> <meta name="author" content="Bob Mottram" />
@ -223,7 +223,7 @@ To exit you can either just close the terminal or use <b>CTRL-x CTRL-c</b> follo
<h3 id="unnumbered-3">A technical note about email transport security</h3> <h3 id="unnumbered-3">A technical note about email transport security</h3>
<div class="outline-text-3" id="text-unnumbered-3"> <div class="outline-text-3" id="text-unnumbered-3">
<p> <p>
Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are possible attacks against STARTTLS in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties. Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are <a href="https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks">possible attacks against STARTTLS</a> in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
</p> </p>
</div> </div>
</div> </div>