TLS and Encrypted Email

Feb 11th, 2009

We have a message filter to catch any Social Security Numbers that are sent outbound. We also have content filters to catch certain PHI terms or emails that contain the term {secure}. If the email is caught, it is encrypted and sent out with CRES. We are setting up TLS Required with most vendors, especially now that they have TLS alerting. Is there a way for a message not to be encrypted with CRES if the email establishes a TLS connection?

kluu_ironport Thu, 02/12/2009 - 09:32

The decision to encrypt a message based on the email's "sensitive" information or privacy terms occurs somewhere in the middle of the email pipeline. Establishing a TLS connection generally occurs towards the end of the pipeline.

Since these two are occurring at different stages in the pipeline, it would be difficult to make the determination not to encrypt a message that was going over a TLS connection, because if you didn't encrypt it earlier on, it would be too late.

I would say it is better to be safe than sorry and just expend the resources and encrypt the data; then, whether or not you transmit over a TLS connection, at least you can rest assured that if someone intercepted the email in transmission, they would only be getting encrypted data.
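To make the ordering argument above concrete, here is an added toy model of the outbound pipeline the thread describes: a filter stage that decides on CRES-style envelope encryption from content alone (SSN pattern, {secure} tag, PHI terms), followed by a delivery stage that negotiates TLS per destination domain. This is illustrative code written for this page, not IronPort/AsyncOS code; the policy table, the remote STARTTLS capabilities, the PHI term list and all function names are constructed assumptions.

```python
"""Added example (not from the original post): content filters run before
delivery, so the encryption decision cannot depend on whether TLS is later
negotiated. All names, policies and sample data below are constructed."""
import re
from dataclasses import dataclass, field

# US SSN pattern with the structural exclusions the SSA publishes:
# area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)"
)
PHI_TERMS = ("diagnosis", "medical record", "patient id")  # constructed list


@dataclass
class Message:
    sender: str
    rcpt: str
    subject: str
    body: str
    encrypt: bool = False             # set by the filter stage
    reasons: list = field(default_factory=list)


def content_filters(msg: Message) -> Message:
    """Filter stage: decides on message encryption from content alone.
    Nothing is known yet about the delivery connection."""
    if SSN_RE.search(msg.body):
        msg.reasons.append("ssn")
    if "{secure}" in msg.subject.lower():
        msg.reasons.append("secure-tag")
    text = (msg.subject + " " + msg.body).lower()
    if any(term in text for term in PHI_TERMS):
        msg.reasons.append("phi-term")
    msg.encrypt = bool(msg.reasons)
    return msg


# Per-domain outbound TLS policy on the sending MTA (constructed).
TLS_POLICY = {"partner.example": "required", "strict.example": "required",
              "other.example": "preferred"}

# Whether each remote MX advertises STARTTLS in its EHLO response (constructed).
REMOTE_STARTTLS = {"partner.example": True, "strict.example": False,
                   "other.example": False}


def deliver(msg: Message) -> dict:
    """Delivery stage: TLS is negotiated here, after filtering has finished."""
    domain = msg.rcpt.rsplit("@", 1)[1]
    policy = TLS_POLICY.get(domain, "preferred")
    starttls = REMOTE_STARTTLS.get(domain, False)
    if policy == "required" and not starttls:
        # TLS Required never falls back to cleartext: the message is deferred.
        return {"status": "deferred", "tls": False, "encrypted_body": msg.encrypt}
    return {"status": "delivered", "tls": starttls, "encrypted_body": msg.encrypt}


def process(msg: Message) -> dict:
    """Run the two stages in pipeline order and report what happened."""
    return deliver(content_filters(msg))


if __name__ == "__main__":
    m = Message("a@corp.example", "b@partner.example", "Claim",
                "Member SSN 123-45-6789 attached")
    print(process(m), m.reasons)
```

Note that `deliver` only learns whether TLS was available after `content_filters` has already set `encrypt`; with a "required" policy and a peer that lacks STARTTLS the message is deferred rather than sent in the clear, which is the behaviour the poster relies on.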

jwiegert1 Thu, 02/19/2009 - 16:01

We are setting it up for TLS required, so the email will not deliver unless we have a definite secure connection. This would seem like a good feature, where TLS required would trigger a message not to be encrypted.

Donald Nash Mon, 02/23/2009 - 18:37

Message encryption (via CRES or other methods like PGP and S/MIME), is different from encrypted message transmission via TLS. The former encrypts the message from the origin all the way to the recipient's eyeballs. The latter only encrypts the message while it is in flight on one SMTP connection. The message is not protected on any other SMTP hops it may encounter (for example, if the destination mailbox is forwarded), nor is it protected when it is at rest in mail queues or the recipient's mailbox.

It is dangerous to assume that TLS provides message security. It does not. Even if the entire Internet switched to encrypted SMTP today, it still wouldn't, since messages would still be in the clear while at rest. If the content you want to protect is sensitive enough to warrant encryption via CRES, then don't bother worrying about TLS.

So what is TLS good for? It's very useful for encrypting passwords on authenticated SMTP connections. It can also thwart traffic analysis, since it encrypts the message envelope (which message encryption does not do). But the latter is only useful when you use TLS on the connections that the eavesdropper is likely to intercept.

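The distinction drawn in the post above (TLS protects one SMTP connection, message encryption protects the body across every hop and at rest, and only TLS hides the envelope) can be checked with a small model. The following is an added example written for this page, not code from the thread or from any vendor: a message crosses three constructed hops, the last one a mailbox forward without TLS, and the script reports where the body and the envelope are exposed. The "cipher" is a stand-in SHA-256 keystream XOR so the script runs with the standard library; it is not CRES, PGP or S/MIME, and the hop names and envelope strings are invented.

```python
"""Added example (not from the original thread): per-hop TLS versus
end-to-end message encryption. Hops, envelope and cipher are constructed."""
import hashlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher standing in for real message encryption.
    Applying it twice with the same key restores the plaintext."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Hop:
    """One receiving MTA: a wire an eavesdropper watches and a queue on disk."""

    def __init__(self, name: str, tls: bool):
        self.name = name
        self.tls = tls
        self.wire = []    # what is visible on the link into this MTA
        self.queue = []   # what sits at rest in this MTA's queue

    def receive(self, envelope: bytes, body: bytes) -> None:
        session = envelope + b"\r\n" + body
        # TLS hides the whole SMTP session on this link, envelope included.
        self.wire.append(b"<tls-ciphertext>" if self.tls else session)
        # Either way the MTA terminates TLS and stores what it received.
        self.queue.append(body)


def make_hops() -> list:
    """Constructed route: outbound MTA, partner MX, then a mailbox forward
    to a host that does not offer STARTTLS."""
    return [Hop("outbound-mta", tls=True),
            Hop("partner-mx", tls=True),
            Hop("forwarded-mailbox", tls=False)]


def send(envelope: bytes, body: bytes, hops: list, e2e_key: bytes = None) -> bytes:
    """Relay the message across every hop; encrypt the body first if a key is given."""
    payload = keystream_xor(e2e_key, body) if e2e_key else body
    for hop in hops:
        hop.receive(envelope, payload)
    return payload


def observe(hops: list, plaintext: bytes) -> dict:
    """Where is the plaintext body, or the envelope, exposed?"""
    return {
        h.name: {
            "wire_body": any(plaintext in w for w in h.wire),
            "rest_body": any(plaintext in q for q in h.queue),
            "wire_envelope": not h.tls,   # envelope is only hidden by TLS
        }
        for h in hops
    }


if __name__ == "__main__":
    env = b"MAIL FROM:<a@corp.example> RCPT TO:<b@partner.example>"
    body = b"SSN 123-45-6789 enclosed"
    tls_only = make_hops()
    send(env, body, tls_only)
    print("TLS only:", observe(tls_only, body))
    e2e = make_hops()
    send(env, body, e2e, e2e_key=b"recipient-key")
    print("end-to-end:", observe(e2e, body))
```

With TLS alone the body is at rest in the clear on every hop and on the wire at the forwarding hop; with end-to-end encryption the body is never exposed, but the envelope on the non-TLS hop still is, which is the traffic-analysis point the post makes.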
jwiegert1 Mon, 02/23/2009 - 18:49

Good post. We did make the decision to do both TLS and CRES.

Thanks for your help.
