Knowledge Partner
Knowledge Partner
1765 views

O365 "secure" email

Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
email between responsible parties is encrypted in transit.

All this adds is an extra level of hassle and no benefit?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

Labels (1)
0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

On Thu, 11 Apr 2019 17:11:05 GMT, Anders Gustafsson
<andersg@no-mx.forums.microfocus.com> wrote:

>Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
>email between responsible parties is encrypted in transit.
>
>All this adds is an extra level of hassle and no benefit?


What are you referring to?

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
0 Likes
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

KeN Etter,
> What are you referring to?


When people send an "encrypted" email from O365 you get a link to
login. There you can log in with O365 credentials or via an one-time
password mailed to your mailaddress. What extra protection does that
give?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

0 Likes
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

On 12.04.2019 10:18, Anders Gustafsson wrote:
> KeN Etter,
>> What are you referring to?

>
> When people send an "encrypted" email from O365 you get a link to
> login. There you can log in with O365 credentials or via an one-time
> password mailed to your mailaddress. What extra protection does that
> give?
>

LOL

--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: O365 "secure" email

AndersG;2498252 wrote:
KeN Etter,
> What are you referring to?


When people send an "encrypted" email from O365 you get a link to
login. There you can log in with O365 credentials or via an one-time
password mailed to your mailaddress. What extra protection does that
give?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html


The recipient has to be really really keen to read your email....that's the protection 😄

Visit my Website for links to Cool Solution articles.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: O365 "secure" email

On 11/04/2019 18:11, Anders Gustafsson wrote:
> Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
> email between responsible parties is encrypted in transit.
>
> All this adds is an extra level of hassle and no benefit?


it's an oracle based encryption system meant to compete with cisco's
CRES offering (and pgp universal gateway, zixmail and similar) which
traditionally can be used with on-premise exchange, but obviously not o365.

TLS for SMTP can be trivially broken in MITM attacks by hiding the
"STARTTLS" offer during ehlo. Cisco routers certainly used to do that
by default (INSPECT ESMTP) which is irritating. Almost no SMTP senders
insist on TLS.

0 Likes
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

ScorpionSting,
> The recipient has to be really really keen to read your email....that's
> the protection 😄


So true 🙂

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

0 Likes
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

Dave Howe,
> TLS for SMTP can be trivially broken in MITM attacks by hiding the
> "STARTTLS" offer during ehlo.


That is true, but what additional protection does the O365-way give?
None IMHO.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

0 Likes
Knowledge Partner
Knowledge Partner

Re: O365 "secure" email

On Fri, 12 Apr 2019 08:18:08 GMT, Anders Gustafsson
<andersg@no-mx.forums.microfocus.com> wrote:

>KeN Etter,
>> What are you referring to?

>
>When people send an "encrypted" email from O365 you get a link to
>login. There you can log in with O365 credentials or via an one-time
>password mailed to your mailaddress. What extra protection does that
>give?


🙂

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: O365 "secure" email

On 12/04/2019 12:50, Anders Gustafsson wrote:
> Dave Howe,
>> TLS for SMTP can be trivially broken in MITM attacks by hiding the
>> "STARTTLS" offer during ehlo.

>
> That is true, but what additional protection does the O365-way give?
> None IMHO.


a little, but very little. The same is true of the other offerings I
mentioned though; MS is offering this to compete in a market, and is not
noticeably worse than most (although I note pgp universal *will* allow
you to log onto it and upload your pgp key, so future emails are
conventionally encrypted with pgp, rather than using their "oracle" system.)

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.