A team of independent security researchers, along with major tech companies in Silicon Valley, filed a proposal last Friday, March 18, 2016, for a new e-mail protocol called SMTP STS (Strict Transport Security).
SMTP was never a secure protocol, mainly because when it was invented in 1982, online surveillance was not such a big problem among the few thousand computers that were connected to the Internet at the time.
As the Web developed, first hackers appeared and then cybercriminals, and technology companies brought the STARTTLS extension to SMTP as a method of using encrypted channels to send e-mail messages.
Unfortunately, STARTTLS was never as secure as originally intended, mainly due to a series of design flaws that allowed attackers to fool servers into telling the sender that they do not support encryption and that it should send the data in plain text.
This is exactly the hole security researchers are trying to fix with this new extension of the SMTP protocol called STS.
In theory, this new extension resembles the HTTP Strict Transport Security (HSTS) extension used with HTTPS. Just like HSTS, SMTP STS checks the confidentiality of the message and the authenticity of the server, and then proceeds to set up an encrypted e-mail communication channel.
SMTP STS will allow two e-mail servers to cryptographically authenticate each other and decide in a secure way whether to use encryption, whether encryption is supported, and what to do if it is not supported.
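The difference between opportunistic STARTTLS and a strict-transport policy can be seen from the sending server's side. The Python code below is an added example, not code from the proposal: the EHLO replies are constructed, and `CachedPolicy`, `require_tls` and `delivery_decision` are hypothetical names that do not reproduce the draft's policy format.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Constructed EHLO replies (sample data, not captured traffic).
EHLO_FULL = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# The same reply as the sender sees it when the STARTTLS line never arrives.
EHLO_STRIPPED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def ehlo_extensions(reply: str) -> Set[str]:
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = [line for line in reply.split("\r\n") if line]
    extensions = set()
    for line in lines[1:]:  # the first line only carries the server's domain
        if not line.startswith("250") or len(line) < 5 or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        parts = line[4:].split()
        if not parts:
            raise ValueError(f"empty EHLO keyword: {line!r}")
        extensions.add(parts[0].upper())
    return extensions


@dataclass(frozen=True)
class CachedPolicy:
    """What the sender already knows about the recipient domain (hypothetical)."""
    require_tls: bool


def delivery_decision(reply: str, policy: Optional[CachedPolicy]) -> str:
    """Decide how to proceed after EHLO: 'starttls', 'plaintext' or 'refuse'."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    if policy is not None and policy.require_tls:
        # The domain is known to require TLS, so a missing STARTTLS keyword is
        # treated as a possible downgrade, not as "encryption unsupported".
        return "refuse"
    return "plaintext"  # opportunistic behaviour: silent fallback to clear text


if __name__ == "__main__":
    for name, reply in (("full", EHLO_FULL), ("stripped", EHLO_STRIPPED)):
        for policy in (None, CachedPolicy(require_tls=True)):
            print(name, policy, "->", delivery_decision(reply, policy))
```

Without a cached policy the stripped reply leads to a plain-text delivery, which is the weakness described above; with one, the sender refuses instead of falling back.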
Among the biggest names participating in this effort are Microsoft, Google, Yahoo, LinkedIn, and Comcast. Currently, the proposal is only a draft specification submitted to the IETF (Internet Engineering Task Force), but judging by how many large companies are involved, chances are we'll see it as an official specification very soon.
Last year, Oracle had submitted a similar proposal called DEEP (Deployable Enhanced Email Privacy).