Internet Technologies 3 July 2014

STARTTLS Everywhere


The Electronic Frontier Foundation (EFF) has launched the STARTTLS Everywhere project in an effort to encrypt more communication between Simple Mail Transfer Protocol (SMTP) Message Transfer Agents (MTAs). STARTTLS is an effort to employ Transport Layer Security (TLS) for many different Internet protocols. STARTTLS for SMTP is defined in RFC 3207.

Using STARTTLS, daemons first establish an unencrypted socket connection to their remote counterpart. Then, before exchanging authentication information, a command is sent to ‘start TLS’. At this point the connection hopefully shifts to an encrypted TLS connection. If the remote daemon does not support STARTTLS, the near end may opt to continue unencrypted or kill the connection.
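The decision described above, sketched as an added example (not code from the EFF project or RFC 3207): it parses a multi-line EHLO reply, checks whether STARTTLS is advertised, and picks the sender's next step under an opportunistic or a TLS-required policy. The function names, action labels and sample replies are constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration (hostname is a placeholder).
EHLO_WITH_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Parse a (possibly multi-line) SMTP reply into (code, [text lines])."""
    code, lines = None, []
    for line in raw.splitlines():
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        code = m.group(1)
        lines.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            return int(code), lines
    raise ValueError("reply not terminated")

def ehlo_extensions(raw):
    """Return the set of extension keywords advertised in an EHLO reply."""
    code, lines = parse_reply(raw)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    # The first line is the server's greeting; the rest are extensions.
    return {l.split()[0].upper() for l in lines[1:] if l.strip()}

def next_step(ehlo_raw, require_tls, starttls_reply=None):
    """Decide what the sending MTA does next (hypothetical action labels)."""
    fallback = "QUIT" if require_tls else "CONTINUE_PLAINTEXT"
    if "STARTTLS" not in ehlo_extensions(ehlo_raw):
        return fallback          # peer does not offer STARTTLS
    if starttls_reply is None:
        return "SEND_STARTTLS"   # offered, command not yet sent
    code, _ = parse_reply(starttls_reply)
    # 220 means the server is ready for the TLS handshake; after it the
    # client issues EHLO again over the encrypted channel.
    return "TLS_HANDSHAKE_THEN_EHLO" if code == 220 else fallback
```

With `require_tls=False` the sender silently falls back to cleartext whenever the capability is missing or the command is refused, which is the opportunistic behaviour the paragraph describes.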

Prior to the IETF’s ratification of STARTTLS, specific ports were reserved with IANA for encrypted communications for each protocol. STARTTLS obviates the need for these well-known ports, since the negotiation of the encrypted channel can occur on the unencrypted port.

While somewhat confusing given its title, the STARTTLS Everywhere project focuses exclusively on delivering a STARTTLS library for SMTP MTAs. STARTTLS for SMTP is an intermediate encryption technology designed to be used until DNSSEC and DANE can be fully deployed.


If you would like to learn more about TLS for Applications, please visit our TLS for Applications resources. If you would like to learn more about DNSSEC, please visit our DNSSEC resources.
