Kudos from the NSA!

elvey · 27 Mar 2016, 02:19 PM

Leaked TOP SECRET presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not (http://www.spiegel.de/international/...a-1010361.html) links to
http://www.spiegel.de/media/media-35535.pdf and on page 38/40 it lists Fastmail as an encrypted webmail service (along with Atabmail, ZOHO, safe-mail, and HMA Mail) that is an issue for the NSA's Big Brother efforts.

Kudos to Fastmail for earning this recognition. Well done!

ChinaLamb · 27 Mar 2016, 11:04 PM

Quote:

Originally Posted by elvey

Leaked TOP SECRET presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not (http://www.spiegel.de/international/...a-1010361.html) links to
http://www.spiegel.de/media/media-35535.pdf and on page 38/40 it lists Fastmail as an encrypted webmail service (along with Atabmail, ZOHO, safe-mail, and HMA Mail) that is an issue for the NSA's Big Brother efforts.

Kudos to Fastmail for earning this recognition. Well done!

Interesting...

Did I just break a law by downloading and reading that document??? - I mean, if I had downloaded it and read it would I have broken a law?

/cl

BritTim · 28 Mar 2016, 01:22 AM

In the purely hypothetical case that any of us had downloaded the file, seen the security classification, and read it (and other linked documents) I do not think we would be liable for prosecution. Whatever the security classification, it is clearly now in the public domain. We might get ourselves on some list of undesirables, however.

Fortunately I, of course recognizing the subversive nature of this material, studiously avoided it, and avoided educating myself on its contents.

FredOnline · 28 Mar 2016, 01:37 AM

Quote:

Originally Posted by BritTim

Fortunately I, of course recognizing the subversive nature of this material, studiously avoided it, and avoided educating myself on its contents.

Sound advice.

I suggest it's left to the powers-that-be to pursue the OP for starting the thread here, and also provide censure for the overuse of smilies.

janusz · 28 Mar 2016, 04:47 AM

Quote:

Originally Posted by elvey

it lists Fastmail as an encrypted webmail service

The document is dated June 2012.

Added later:Fastmail is an encrypted webmail service ? I've never seen Fastmail making such a claim.

nachoig · 28 Mar 2016, 04:53 AM

There's a mention on the page 21 also.

Anyway, the mails stored at FastMail aren't encrypted. I'm suprised to see them saying it's encrypted, the only encryption which is being used on FastMail is the encryption in the connection (TLS) between your device and FastMail servers.

Server-to-server connection can be encrypted if the server on the other side supports it.

janusz · 28 Mar 2016, 05:27 AM

Quote:

Originally Posted by nachoig

the only encryption which is being used on FastMail is the encryption in the connection (TLS) between your device and FastMail servers..

Curioser & curioser...
This encryption was made compulsory only at the end of June 2012, the same month when the super-secret paper mentioned by the OP was published

BritTim · 28 Mar 2016, 08:06 AM

Quote:

Originally Posted by janusz

Curioser & curioser...
This encryption was made compulsory only at the end of June 2012, the same month when the super-secret paper mentioned by the OP was published

Well, actually it was not made completely compulsory even then. The access to insecure.messagingengine.com still existed. However, as a practical matter, most Fastmail messages were encrypted during transmission long before 2012. The NSA seems to be suggesting that they do not have access to Fastmail's disks at NYI, and it is not easy to break the encryption on Fastmail messages during transmission. Whether this remains true in 2016, who knows.

ChinaLamb · 28 Mar 2016, 09:41 AM

Quote:

Originally Posted by janusz

Curioser & curioser...
...the end of June 2012...

I heard an interview from someone in the intelligence industry, saying that anything Snowden made public is now obsolete. Everything changes so quickly these days. There's a whole lot more standatd encryption these days.

danieldk · 28 Mar 2016, 07:16 PM

Quote:

Originally Posted by nachoig

Anyway, the mails stored at FastMail aren't encrypted. I'm suprised to see them saying it's encrypted, the only encryption which is being used on FastMail is the encryption in the connection (TLS) between your device and FastMail servers.

FWIW, Fastmail also uses encryption at rest.

https://www.fastmail.com/about/privacy.html

kijinbear · 29 Mar 2016, 10:09 AM

Quote:

Originally Posted by danieldk

FWIW, Fastmail also uses encryption at rest.

https://www.fastmail.com/about/privacy.html

And the keys are in Australia the last time I heard about it. I don't know how well-prepared they are for hardware intrusion, though. Hopefully their servers will wipe their own RAM if any intrusion is detected.

elvey · 1 May 2016, 09:39 AM

The state of the art has advanced: https://tools.ietf.org/html/draft-margolis-smtp-sts-00

I don't recall hearing that fastmail supports DANE, but would like to hear if there are any plans to support DANE and/or SMTP STS or not.

Hope so. These enhanced protocols are an organized response triggered by Snowden's disclosures. See here.

FYI, as work of the US, the leaked material was 'public domain' from the moment it was created. 'Public domain' is a legal term that indicates copyright status, not secrecy or confidentiality. See here. In case you were being serious.

The powers that be visited and I invited them to sit and they enjoyed delightfully energizing cups of Po-210-infused tea. Haven't heard from them since. Fred, say hello to my little friends:

n5bb · 1 May 2016, 11:37 AM

Quote:

Originally Posted by elvey

... I don't recall hearing that fastmail supports DANE, but would like to hear if there are any plans to support DANE and/or SMTP STS or not.

See Rob N's comments about DNSSEC implementation here:
http://www.emaildiscussions.com/show...850#post591850

http://www.internetsociety.org/artic...l-using-dnssec

Bill

27 Mar 2016, 02:19 PM	#1
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,458	Kudos from the NSA! Leaked TOP SECRET presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not (http://www.spiegel.de/international/...a-1010361.html) links to http://www.spiegel.de/media/media-35535.pdf and on page 38/40 it lists Fastmail as an encrypted webmail service (along with Atabmail, ZOHO, safe-mail, and HMA Mail) that is an issue for the NSA's Big Brother efforts. Kudos to Fastmail for earning this recognition. Well done!

1 May 2016, 09:39 AM	#12
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,458	The state of the art has advanced. The state of the art has advanced: https://tools.ietf.org/html/draft-margolis-smtp-sts-00 I don't recall hearing that fastmail supports DANE, but would like to hear if there are any plans to support DANE and/or SMTP STS or not. Hope so. These enhanced protocols are an organized response triggered by Snowden's disclosures. See here. FYI, as work of the US, the leaked material was 'public domain' from the moment it was created. 'Public domain' is a legal term that indicates copyright status, not secrecy or confidentiality. See here. In case you were being serious. The powers that be visited and I invited them to sit and they enjoyed delightfully energizing cups of Po-210-infused tea. Haven't heard from them since. Fred, say hello to my little friends:

28 Mar 2016, 01:22 AM	#3
BritTim The "e" in e-mail Join Date: May 2003 Location: mostly in Thailand Posts: 3,095	In the purely hypothetical case that any of us had downloaded the file, seen the security classification, and read it (and other linked documents) I do not think we would be liable for prosecution. Whatever the security classification, it is clearly now in the public domain. We might get ourselves on some list of undesirables, however. Fortunately I, of course recognizing the subversive nature of this material, studiously avoided it, and avoided educating myself on its contents.

28 Mar 2016, 04:53 AM	#6
nachoig Junior Member Join Date: Dec 2014 Posts: 15	There's a mention on the page 21 also. Anyway, the mails stored at FastMail aren't encrypted. I'm suprised to see them saying it's encrypted, the only encryption which is being used on FastMail is the encryption in the connection (TLS) between your device and FastMail servers. Server-to-server connection can be encrypted if the server on the other side supports it.