Presented by:

Sydney Li

from Electronic Frontier Foundation

Sydney is a Staff Technologist at the Electronic Frontier Foundation. She primarily works on EFF's initiative to secure all TCP packets, like finally securing email delivery via STARTTLS Everywhere. In the past she has also developed on the Let's Encrypt Certbot client, which secures communications with web users via HTTPS. Otherwise, she cares a lot about decentralizing state and corporate power, censorship resistance, puzzles, 2D illustration, and noodles.

For years the SMTP protocol that email servers use to deliver your mail over the Internet has had an encryption option, called STARTTLS. This server-to-server encryption feature has only recently become common, and the way it's typically used is still very fragile. An attacker can trick servers into turning off the encryption (downgrade) or using the wrong encryption key (man-in-the-middle). This talk will be centered on a demo of the problems and work we and others have been doing to fix them.

First, I'll break the encrypted connection between two demo mailservers, showing that we can intercept or modify emails even when server admins think they've turned on encrypted email delivery. Then, I'll talk about why this is possible and the different solutions the ecosystem is working towards to solve the problem, including DANE, MTA-STS, and how our STARTTLS Everywhere project fits in. Finally, I'm going to fortify the TLS support on some Postfix mailservers, with brand-new tooling released in the past year.

Date: 2019 April 28 - 10:45
Duration: 45 min
Room: CC-200
Conference: LinuxFest Northwest 2019
Track: Security
Difficulty: Easy

Happening at the same time:

  1. Steganography - Hiding In Plain Sight (Start Time: 2019 April 28 10:45, Room: CC-114)
  2. What Was Old is New Again (Start Time: 2019 April 28 10:45, Room: CC-208)
  3. Lambda Calculus for the Practicing Programmer (Start Time: 2019 April 28 10:45, Room: HC-104 Jupiter)
  4. Paradux: Recovering From Maximum Personal Data Disaster (Start Time: 2019 April 28 10:45, Room: HC-108)
  5. Sex, Secret and God: A Brief History of Bad Passwords (Start Time: 2019 April 28 10:45, Room: G-103)
  6. Past, Present & Future of Blockchain (Start Time: 2019 April 28 10:45, Room: CC-235)
  7. We can fix email server encryption! (Start Time: 2019 April 28 10:45, Room: CC-200)
  8. CompTIA's NEW Linux+ Certification - All You Need to Know! (Start Time: 2019 April 28 10:45, Room: CC-115)
  9. Introducing Snaps and Snapcraft (Start Time: 2019 April 28 10:45, Room: CC-202 Tutorials)
  10. PostgreSQL: An Introduction to BARMAN (Start Time: 2019 April 28 10:45, Room: HC-103 Postgres)
  11. Web of Things API (Start Time: 2019 April 28 10:45, Room: CC-236)