Feature #201

DANE/TLSA support

Added by Georg Schmalhofer 6 months ago.

Status:NewStart date:05/13/2014
Priority:NormalDue date:
Assignee:Hiroyuki Yamamoto% Done:

0%

Category:SecuritySpent time:-
Target version:3.5

Description

Dear Sylpheed team,

posteo.de, a small German e-mail provider that recently received some attention because of its focus on protecting its users' privacy, has announced today that they implemented DANE (DNS-based Authentication of Named Entities) for encrypted transport of e-mails.

The concept sounds quite exciting and seems to be much safer than TLS/SSL, as certificates are verified using secured DNS entries, preventing MITM attacks or attacks using fake certificates:
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

Would it be possible to add DANE support to Sylpheed?
Posteo seems to be the first e-mail provider to use this protocol, but hopefully other providers will follow.

Some links:

DANE browser plugin with source code:
https://www.dnssec-validator.cz/pages/download.html

Posteo's press release (German):
https://posteo.de/blog/posteo-unterst%C3%BCtzt-danetlsa

Thanks!

Also available in: Atom PDF