Deploy360 3 July 2014

STARTTLS Everywhere


The Electronic Frontier Foundation (EFF) has launched the STARTTLS Everywhere project in an effort to encrypt more communication between Simple Mail Transfer Protocol (SMTP) Message Transfer Agents (MTAs). STARTTLS is an effort to employ Transport Layer Security (TLS) for many different Internet protocols. STARTTLS for SMTP is defined in RFC 3207.

Using STARTTLS, daemons first establish an unencrypted socket connection to their remote counterpart. Then, before any authentication information is exchanged, a command is sent to ‘start TLS’. At this point the connection hopefully shifts to an encrypted TLS connection. If the remote daemon does not support STARTTLS, the near end may opt to continue unencrypted or kill the connection.
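The client-side decision described above, as an added example that is not from the original article or the EFF project: it parses an SMTP EHLO reply and picks the next command under an opportunistic or a mandatory-TLS policy. The sample replies, host name and function names are constructed for illustration.

```python
import re

# One line of an SMTP reply: 3-digit code, "-" (more lines follow) or " " (last line), text.
LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample EHLO replies (not captured from any real server).
WITH_TLS = ("250-mx.example.net Hello client.example.org\r\n"
            "250-SIZE 35882577\r\n250-8BITMIME\r\n250-starttls\r\n250 PIPELINING\r\n")
NO_TLS = ("250-mx.example.net Hello client.example.org\r\n"
          "250-SIZE 35882577\r\n250 8BITMIME\r\n")


def ehlo_extensions(reply):
    """Return {KEYWORD: params} for the extensions advertised in an EHLO reply."""
    lines = reply.strip().splitlines()
    exts = {}
    for i, raw in enumerate(lines):
        m = LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"EHLO not accepted: {raw!r}")
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("malformed multiline reply")
        if i == 0:
            continue  # the first line is the server greeting, not an extension
        keyword, _, params = m.group(3).partition(" ")
        exts[keyword.upper()] = params  # extension keywords are case-insensitive
    return exts


def next_step(reply, require_tls):
    """Pick the next client command: upgrade, continue unencrypted, or disconnect."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "STARTTLS"  # upgrade before anything sensitive is sent
    return "QUIT" if require_tls else "MAIL"  # kill the connection, or go on in the clear


if __name__ == "__main__":
    for name, reply in (("WITH_TLS", WITH_TLS), ("NO_TLS", NO_TLS)):
        for require in (False, True):
            print(name, "require_tls =", require, "->", next_step(reply, require))
```

After a successful STARTTLS the client sends EHLO again over the encrypted channel and uses only the extensions advertised in that second reply.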

Prior to the IETF’s ratification of STARTTLS, specific ports were reserved with IANA for encrypted communications for each protocol. STARTTLS obviates the need for these well-known ports, since the negotiation of the encrypted channel can occur on the unencrypted port.

While somewhat confusing given its title, the STARTTLS Everywhere project focuses exclusively on delivering a STARTTLS library for SMTP MTAs. STARTTLS for SMTP is an intermediate encryption technology designed to be used until DNSSEC and DANE can be fully deployed.


If you would like to learn more about TLS for Applications, please visit our TLS for Applications resources. If you would like to learn more about DNSSEC, please visit our DNSSEC resources.
