dslreports logo
site
spacer

spacer
 
   
spc
story category
Google Highlights Lack of E-mail Encryption, Offers New Tool
by Karl Bode 05:44PM Wednesday Jun 04 2014
A new section in Google's transparency report takes aim at the ISPs and e-mail providers that fail to use encryption. According to data collected from Google's 425 million worldwide gmail users, the company estimates that around 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted. Encryption obviously only works if both sides of an e-mail transaction have have Transport Layer Security, or TLS, enabled.

Click for full size
To help, Google has released the source code for a Chrome encryption plugin aimed at simplifying encrypted e-mail. The company's End to End plugin uses OpenPGP within the browser, with the company's FAQ offering more detail on how users can help test it.

"...You won’t find the End-to-End extension in the Chrome Web Store quite yet; we’re just sharing the code today so that the community can test and evaluate it, helping us make sure that it’s as secure as it needs to be before people start relying on it," notes Google. The company offers financial rewards via their Vulnerability Reward Program for those who find security bugs in Google code.

The full transparency report singles out the Comcast domain as lagging specifically when it comes to e-mail encryption. Comcast quickly responded, a company spokesman promising that Comcast would use broader encryption "within a matter of weeks" while insisting Comcast is "very aggressive about this."

view:
topics flat nest 

jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 edit

3 recommendations

Interesting Timing

The full transparency report singles out the Comcast domain as lagging specifically when it comes to e-mail encryption. Comcast quickly responded, a company spokesman promising that Comcast would use broader encryption "within a matter of weeks" while insisting Comcast is "very aggressive about this."

Improving this type of security is by its very nature a collaborative effort. In the inter-domain email encryption area companies have been working steadily towards deployment and I don’t think there are laggards among large domains. In fact there's a MAAWG panel next week on this very topic (Google and Comcast are both on the panel with the objective of urging others to adopt) and I expect domains will make more progress at that meeting.

Comcast is currently in beta testing of TLS encryption of domain-to-domain email messaging with several large domains (as most other MAAWG members will certainly know). With respect to Google, since Gmail is a large domain, we plan to gradually ramp up encryption with Gmail in the coming weeks. Going forward, we'll also implement it with others who adopt it as well.
--
JL
Comcast

verolom

join:2002-03-23
Reston, VA

Re: Interesting Timing

Jason,

Comcast could perhaps start with encrypting Zimbra webmail.

jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

Re: Interesting Timing

said by verolom:

Comcast could perhaps start with encrypting Zimbra webmail.

Coming very soon!
--
JL
Comcast

technologiq

join:2000-08-08
Reno, NV

1 recommendation

Comcast 'cares'

The *ONLY* reason Comcast is issuing any kind response to this is because of the TWC merger. Kind of sad really.

jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

Re: Comcast 'cares'

said by technologiq:

The *ONLY* reason Comcast is issuing any kind response to this is because of the TWC merger. Kind of sad really.

I understand your skepticism. But we've been proactive on a range of similar things, from IPv6, to DNSSEC, to malware detection. We work on collaborative efforts like this at MAAWG, IETF, and elsewhere, and have for many years as well. I view this as a continuation of what we have been doing for a long while.
--
JL
Comcast

newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1
Reviews:
·DIRECTV
·Comcast

1 recommendation

Re: Comcast 'cares'

said by jlivingood:

I understand your skepticism. But we've been proactive on a range of similar things, from IPv6 ...

It's my understanding that Comcast's headlong dive into IPv6 was more self-serving than altruistic.

quote:
Comcast (a large cable operator based in the USA) moved to IPv6 because it was in need of over 100 million addresses. Simple projections showed Comcast that the number of IP addresses that Comcast would need in order to support its future growth in terms of subscriber base, as well as to be able to leverage potential new services, exceeded those available. In fact, estimations were that within a few years, Comcast would have some 20 million video customers, an average of 2.5 set-top boxes per customer, and 2 IP addresses per box. If these estimates are correct, the company will be needing over 100 million IP addresses.
»ipv6now.com.au/primers/IPv6Advantages.php


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

4 recommendations

Re: Comcast 'cares'

said by newview:

It's my understanding that Comcast's headlong dive into IPv6 was more self-serving than altruistic.

quote:
Comcast (a large cable operator based in the USA) moved to IPv6 because it was in need of over 100 million addresses. Simple projections showed Comcast that the number of IP addresses that Comcast would need in order to support its future growth in terms of subscriber base, as well as to be able to leverage potential new services, exceeded those available.

You have just described every ISP on the planet. There aren't more IPv4 addresses, and IPv6 is the future.
--
JL
Comcast

newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1
Reviews:
·DIRECTV
·Comcast

1 recommendation

Re: Comcast 'cares'

said by jlivingood:

You have just described every ISP on the planet.

You're referring to the self-serving part? If so, yes ... I agree with that.
I find it somewhat mind-boggling that ISPs take a necessary growth path and attempt to spin it as something they are doing strictly for their customers.

netcool
Premium,VIP
join:2008-11-05
Englewood, CO
kudos:107

1 recommendation

Re: Comcast 'cares'

said by newview:

I find it somewhat mind-boggling that ISPs take a necessary growth path and attempt to spin it as something they are doing strictly for their customers.

They could have chosen to go with CGN. There are plenty of things to be critical about but I do not think this is one of them.

RARPSL

join:1999-12-08
Suffern, NY

1 recommendation

said by newview:

said by jlivingood:

I understand your skepticism. But we've been proactive on a range of similar things, from IPv6 ...

It's my understanding that Comcast's headlong dive into IPv6 was more self-serving than altruistic.

quote:
Comcast (a large cable operator based in the USA) moved to IPv6 because it was in need of over 100 million addresses. Simple projections showed Comcast that the number of IP addresses that Comcast would need in order to support its future growth in terms of subscriber base, as well as to be able to leverage potential new services, exceeded those available. In fact, estimations were that within a few years, Comcast would have some 20 million video customers, an average of 2.5 set-top boxes per customer, and 2 IP addresses per box. If these estimates are correct, the company will be needing over 100 million IP addresses.
»ipv6now.com.au/primers/IPv6Advantages.php

The quote is confusing two separate reasons for needing/using IPv6 addresses as opposed to IPv4 ones. So long as both ends of a session (such as connecting set-top boxes to the head-end) are over the ISP's private network IPv4 addresses such as Network 10 ones) are adequate (aside from the issue that IPv6 multi-casting is better than IPv4 multi-casting for such things as sending TV Broadcasting streams to the set-top boxes). It is only when the address has to be Internet routable (such as connecting a modem to the Internet) that the issue of the lack of IPv4 addresses assigned to the ISP becomes an issue.

carpetshark3
Premium
join:2004-02-12
Idledale, CO

Email encryption

Will it encrypt from Google itself, or is it just another way for Google to scan mail from another isp for advertising purposes?

ArrayList
netbus developer
Premium
join:2005-03-19
Brighton, MA
Reviews:
·RCN CABLE
·Comcast

Re: Email encryption

It encrypts the email from server to server, client to server and server to client. The email, on the server, should be formatted exactly as it always was.

There is nothing wrong with Google scanning email on their servers for advertising purposes. Give it a rest. If people want to use the gmail infrastructure, they can deal with it.
--
A sane approach to our federal budget: Ignore the tea party

DataRiker
Premium
join:2002-05-19
00000

Re: Email encryption

said by ArrayList:

It encrypts the email from server to server, client to server and server to client. The email, on the server, should be formatted exactly as it always was.

There is nothing wrong with Google scanning email on their servers for advertising purposes. Give it a rest. If people want to use the gmail infrastructure, they can deal with it.

I think this is the only time we have ever agreed.

ARGONAUT
Have a nice day.
Premium
join:2006-01-24
New Albany, IN
kudos:1

Goo-Keys

Google is using known public keys so the data can get captured and decoded. Which will happen.

Mega is working on using random unknown keys.
--

I deny your denial.
Rekrul

join:2007-04-21
Milford, CT

Why...

Why exactly is this necessary? Encryption programs like PGP have been around for decades and anyone can use them to encrypt their email before sending it. No support from Google or any other company is required.

Oh right, users today are too stupid to be able to use anything that isn't an automatic, one-click process...

dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

Re: Why...

Users aren't stupid. Users don't care who reads their email. Or at least they don't care based on the perceived level of difficult to do such a thing. I used to encrypt, but its just easier if I do not. But I do support google making my life easier by doing this for me.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16
afn06011

join:2012-10-15
Ireland

23 years later......

23 years later someone(s) finely start thinking about closing the barn door after all the horses and mice are long gone.
athornfam2

join:2013-09-25
York, PA

Google Fiber

I know once google comes to my area. I am going to drop comcast and get google fiber. Then setup my Cisco 2851, 2911 and my Anyconnect with my own Security measures.