The Circle of HOPE (2018): "Securing the Delivery of Email" (Download)
Sunday, July 22, 2018: 3:00 pm (Ritchie): In early 2014, research revealed the horrible state of email over TLS. About half of email was sent in plaintext and, for the email sent over TLS, half of those servers presented certificates that were invalid or self-signed. On top of this, some governments and ISPs were regularly downgrading SMTP connections to plaintext. Since then, there have been multiple efforts by IETF and large mail server operators to secure the delivery of email. This talk will summarize the state of secure email delivery in 2018 and discuss ongoing initiatives and efforts to protect against MitM and downgrade attacks, including MTA-STS, DANE, and STARTTLS Everywhere.