StartTLS

About StartTLS

StartTLS is used to encrypt the network connection between mail providers when they relay email.

Things that are great about StartTLS:

  • It is easy to use, you don’t have to think about it.
  • It allows protection of meta-data from dragnet surveillance.

Disadvantages:

  • The user has no way to prove that a particular message was transmitted securely.

Riseup practices StartTLS verification with some of the other activist email providers.

A horrible email journey

  • Red: Insecure, email can be read by a listener (or email headers if the body is encrypted with OpenPGP)
  • Green: Secure, the transport is encrypted.

A better email journey

An email journey with StartTLS