When people send an “encrypted” email from O365 you get a link to
login. There you can log in with O365 credentials or via a one-time
password mailed to your mail address. What extra protection does that
give?
--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)
On 12.04.2019 10:18, Anders Gustafsson wrote:
> KeN Etter,
> > What are you referring to?
> When people send an “encrypted” email from O365 you get a link to
> login. There you can log in with O365 credentials or via a one-time
> password mailed to your mail address. What extra protection does that
> give?
LOL
On 11/04/2019 18:11, Anders Gustafsson wrote:
> Seriously… What is the point? We have had TLS for SMTP > 10 years so
> email between responsible parties is encrypted in transit.
> All this adds is an extra level of hassle and no benefit?
it’s an oracle based encryption system meant to compete with cisco’s
CRES offering (and pgp universal gateway, zixmail and similar) which
traditionally can be used with on-premise exchange, but obviously not o365.
TLS for SMTP can be trivially broken in MITM attacks by hiding the
“STARTTLS” offer during ehlo. Cisco routers certainly used to do that
by default (INSPECT ESMTP) which is irritating. Almost no SMTP senders
insist on TLS.
On 12/04/2019 12:50, Anders Gustafsson wrote:
> Dave Howe,
> > TLS for SMTP can be trivially broken in MITM attacks by hiding the
> > “STARTTLS” offer during ehlo.
> That is true, but what additional protection does the O365-way give?
> None IMHO.
a little, but very little. The same is true of the other offerings I
mentioned though; MS is offering this to compete in a market, and is not
noticeably worse than most (although I note pgp universal will allow
you to log onto it and upload your pgp key, so future emails are
conventionally encrypted with pgp, rather than using their “oracle” system.)
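
Added example, not part of any post in this thread: a sender-side check for the STARTTLS point discussed above. It shows how an opportunistic sender falls back to plaintext when the offer is missing from the EHLO reply, while a sender that insists on TLS defers. The host names, the sample replies and the function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured traffic): what the server sent, and
# the same reply after an on-path device hid the STARTTLS offer.
EHLO_DIRECT = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-XXXXXXXX\r\n"
    "250 8BITMIME\r\n"
)


def ehlo_extensions(reply):
    """Return the upper-cased ESMTP keywords from a multi-line 250 reply."""
    lines = [line for line in reply.split("\r\n") if line]
    keywords = []
    for line in lines[1:]:  # the first line is the greeting, not a keyword
        m = re.fullmatch(r"250[- ](\S+)(?: .*)?", line)
        if not m:
            raise ValueError(f"malformed EHLO line: {line!r}")
        keywords.append(m.group(1).upper())
    return keywords


def delivery_decision(reply, require_tls):
    """Decide what the sender does next: 'starttls', 'plaintext' or 'defer'."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    # No offer seen: an opportunistic sender silently downgrades, while a
    # sender that insists on TLS keeps the message queued instead.
    return "defer" if require_tls else "plaintext"


def masked_keywords(reply):
    """Keywords made only of 'X', a hint that something rewrote the reply."""
    return [k for k in ehlo_extensions(reply) if re.fullmatch(r"X{4,}", k)]
```

Logging the result of `masked_keywords` for outbound sessions gives a cheap signal that a path is rewriting EHLO replies, even where policy still allows plaintext delivery.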