Google, Microsoft, Yahoo, Comcast and other leading tech giants have come together to develop advanced encrypted email that will provide protection against man-in-the-middle (MITM) hacks.
Engineers from the firms and those at LinkedIn and 1&1 Mail and Media Development & Technology have submitted a new proposal to the Internet Engineering Task Force (IETF) for consideration. Research conducted by the engineers, whimsically titled "Neither Snow Nor Rain Nor MITM", suggests a new, more secure approach for the Simple Mail Transfer Protocol (SMTP).
SMTP has been around since the 1980s but was not built with encryption options. In 2002, a new extension called STARTTLS was introduced to ensure a more secure transport mechanism. The extension was a way to incorporate Transport Layer Security (TLS) into SMTP connections. Unfortunately, the extension failed to be adopted widely, causing the security measure to fall through and emails to remain unencrypted.
STARTTLS also has a vulnerability that allows hackers to intercept emails: the protocol uses opportunistic encryption, which fails to validate a server's digital certificate yet still sends the email. This loophole allows hackers to decrypt emails using the man-in-the-middle technique, nullifying the purpose of encryption in the first place.
The new proposal has been designed to address this issue. It suggests preventing an email from being delivered at all if it cannot be sent securely. It has also been designed to check that the digital certificate is valid and, if it is invalid, to inform the sender; the email will then not be delivered.
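The difference between the two behaviours, as an added example that is not code from the proposal or its authors: it models only the delivery decision described above, not the draft's own mechanics. The names `tls_context`, `deliver`, `FakeSession` and `run_demo`, the sample cases and the `example.test` addresses are constructed for illustration.

```python
import ssl

def tls_context(strict):
    """Strict: verify chain and host name. Opportunistic: accept any certificate."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, check_hostname=True
    if not strict:
        ctx.check_hostname = False       # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def deliver(session, sender, rcpt, message, strict):
    """Send over a connected smtplib.SMTP-style session and return the outcome."""
    session.ehlo()
    if not session.has_extn("starttls"):
        if strict:
            return "refused: no STARTTLS offered"
        session.sendmail(sender, rcpt, message)    # opportunistic cleartext fallback
        return "sent-plaintext"
    try:
        session.starttls(context=tls_context(strict))
    except ssl.SSLCertVerificationError as exc:    # only the strict context verifies
        return f"refused: invalid certificate ({exc})"
    session.ehlo()                                 # re-EHLO inside the TLS channel
    session.sendmail(sender, rcpt, message)
    return "sent-encrypted"

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, offers_starttls, cert_valid):
        self.offers_starttls, self.cert_valid = offers_starttls, cert_valid
        self.sent = []
    def ehlo(self): return (250, b"mx.example.test")
    def has_extn(self, name): return name == "starttls" and self.offers_starttls
    def starttls(self, context):
        # A real handshake fails here only when the client demands verification.
        if context.verify_mode == ssl.CERT_REQUIRED and not self.cert_valid:
            raise ssl.SSLCertVerificationError(1, "certificate verify failed")
    def sendmail(self, sender, rcpt, message):
        self.sent.append((sender, rcpt, message))

def run_demo():
    # Constructed cases: (server offers STARTTLS, certificate is valid)
    cases = {"bad-cert": (True, False), "no-tls": (False, False), "good": (True, True)}
    results = {}
    for strict in (False, True):
        for name, args in cases.items():
            s = FakeSession(*args)
            outcome = deliver(s, "a@example.test", "b@example.test", "hi", strict)
            results[(strict, name)] = (outcome, len(s.sent))
    return results
```

With a real server, `deliver` takes an `smtplib.SMTP` connection in place of `FakeSession`; in the opportunistic case the message to the server with the invalid certificate is reported as sent, while the strict case sends nothing and returns the reason for the sender.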
The draft is currently at the proposal stage, but if it does pass muster, encrypted emails could soon become a reality. With the world's leading tech firms backing the proposal, the likelihood of enhanced email encryption is better than ever before.