Home

Results 1 to 10 of 10

Thread: O365 "secure" email

Hybrid View

  1. #1
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    O365 "secure" email

    Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    email between responsible parties is encrypted in transit.

    All this adds is an extra level of hassle and no benefit?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  2. #2

    Re: O365 "secure" email

    On Thu, 11 Apr 2019 17:11:05 GMT, Anders Gustafsson
    <andersg@no-mx.forums.microfocus.com> wrote:

    >Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    >email between responsible parties is encrypted in transit.
    >
    >All this adds is an extra level of hassle and no benefit?


    What are you referring to?

    --
    Ken
    Knowledge Partner

    Create and vote for enhancements!
    https://www.microfocus.com/products/...t-request.html

  3. #3
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: O365 "secure" email

    KeN Etter,
    > What are you referring to?


    When people send an "encrypted" email from O365 you get a link to
    login. There you can log in with O365 credentials or via an one-time
    password mailed to your mailaddress. What extra protection does that
    give?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  4. #4
    Join Date
    Sep 2007
    Location
    Cologne, Germany
    Posts
    5,682

    Re: O365 "secure" email

    On 12.04.2019 10:18, Anders Gustafsson wrote:
    > KeN Etter,
    >> What are you referring to?

    >
    > When people send an "encrypted" email from O365 you get a link to
    > login. There you can log in with O365 credentials or via an one-time
    > password mailed to your mailaddress. What extra protection does that
    > give?
    >

    LOL

    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de

  5. #5
    Join Date
    Dec 2007
    Location
    Melbourne, Victoria, Australia
    Posts
    1,304

    Re: O365 "secure" email

    Quote Originally Posted by AndersG View Post
    KeN Etter,
    > What are you referring to?


    When people send an "encrypted" email from O365 you get a link to
    login. There you can log in with O365 credentials or via an one-time
    password mailed to your mailaddress. What extra protection does that
    give?

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html
    The recipient has to be really really keen to read your email....that's the protection
    Visit my Website for links to Cool Solution articles.

  6. #6
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: O365 "secure" email

    ScorpionSting,
    > The recipient has to be really really keen to read your email....that's
    > the protection


    So true

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  7. #7

    Re: O365 "secure" email

    On Fri, 12 Apr 2019 08:18:08 GMT, Anders Gustafsson
    <andersg@no-mx.forums.microfocus.com> wrote:

    >KeN Etter,
    >> What are you referring to?

    >
    >When people send an "encrypted" email from O365 you get a link to
    >login. There you can log in with O365 credentials or via an one-time
    >password mailed to your mailaddress. What extra protection does that
    >give?


    :-)

    --
    Ken
    Knowledge Partner

    Create and vote for enhancements!
    https://www.microfocus.com/products/...t-request.html

  8. #8
    Dave Howe NNTP User

    Re: O365 "secure" email

    On 11/04/2019 18:11, Anders Gustafsson wrote:
    > Seriusly.. What is the point? We have had TLS for SMTP > 10 years so
    > email between responsible parties is encrypted in transit.
    >
    > All this adds is an extra level of hassle and no benefit?


    it's an oracle based encryption system meant to compete with cisco's
    CRES offering (and pgp universal gateway, zixmail and similar) which
    traditionally can be used with on-premise exchange, but obviously not o365.

    TLS for SMTP can be trivially broken in MITM attacks by hiding the
    "STARTTLS" offer during ehlo. Cisco routers certainly used to do that
    by default (INSPECT ESMTP) which is irritating. Almost no SMTP senders
    insist on TLS.


  9. #9
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: O365 "secure" email

    Dave Howe,
    > TLS for SMTP can be trivially broken in MITM attacks by hiding the
    > "STARTTLS" offer during ehlo.


    That is true, but what additional protection does the O365-way give?
    None IMHO.

    --
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)

    Have an idea for a product enhancement? Please visit:
    https://www.novell.com/products/enha...t-request.html


  10. #10
    Dave Howe NNTP User

    Re: O365 "secure" email

    On 12/04/2019 12:50, Anders Gustafsson wrote:
    > Dave Howe,
    >> TLS for SMTP can be trivially broken in MITM attacks by hiding the
    >> "STARTTLS" offer during ehlo.

    >
    > That is true, but what additional protection does the O365-way give?
    > None IMHO.


    a little, but very little. The same is true of the other offerings I
    mentioned though; MS is offering this to compete in a market, and is not
    noticeably worse than most (although I note pgp universal *will* allow
    you to log onto it and upload your pgp key, so future emails are
    conventionally encrypted with pgp, rather than using their "oracle" system.)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •