SafeTLS and Evolution in Secure Messaging

June 14, 2018

Alper Kizar

Not too far back in time, we lived in a business world without the convenience of computers, mobile devices and email – which is still considered the most common method of communication today. The way we communicate has come a long way, and so too has the way we communicate securely. Just for fun, let’s have a look at some of the ways secure messaging has evolved over time.

Messenger Pigeons: The sport of flying homing pigeons was well established as early as 776 BC, when the birds were used to proclaim the winner of the Olympics. Messenger pigeons were used as early as 1150 in Baghdad and later by Genghis Khan. Security was provided by the pigeon’s homing ability to return to its nest.

Smoke Signals: In ancient China, soldiers stationed along the Great Wall would alert each other of impending enemy attack by signaling from beacon tower to tower. In this way, they could transmit a message as far away as 470 miles in just a few hours. Greek historian Polybius came up with a more complex system of alphabetical smoke signals around 150 BCE by converting Greek alphabetic characters into numeric characters. It enabled messages to be easily signaled by holding sets of torches in pairs – “Polybius square” lent itself to cryptography. North American Indians also communicated via smoke signals as each tribe had its own signaling system which provided much needed security.

Pony Express: Founded in 1860 as a mail service delivering messages, newspapers, and mail, the Pony Express utilized short routes and mounted riders. It reduced the time for messages to travel between the Atlantic and Pacific coasts to about 10 days. It was said that, if it came to it, the horse and rider should perish before the mochila (mail pouch) did. Security was provided by means of a revolver.

Encrypted Email: Early forms of email evolved from file directories and first entered limited use in the 1960s. By 1971 the first of what we now recognize as email was sent over ARPANET by Ray Tomlinson. Early emails were not protected and were subject to exposure. Even today email privacy, without some security precautions, can be compromised. However, various schemes have been used over time to protect the content from being read by entities other than the intended recipients.

Below are a few notable ones:

  • Privacy Enhanced Messaging (PEM), defined by the Privacy and Security Research Group (PSRG).
  • Pretty Good Privacy (PGP), developed by Phil Zimmermann in the late 1980s.
  • Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • Desktop Encryption – In this form, messages and attachments are encrypted at the desktop. Copies of sent messages are left in a “sent items” folder in the users’ email client. While convenient for the user, this approach is a challenge for e-Discovery.
  • Encrypted .PDF Envelope – In this method, messages and attachments are delivered to recipients as encrypted .PDF attachments. However, when a user’s password changes, opening previously delivered emails becomes a challenge.
  • Transport Layer Security (TLS) – this approach has evolved and takes on several forms:
    • Notification and Link – This is the most common method for encrypted email today. However, encryption in this form requires unlicensed recipients to establish credentials on a secure webmail portal to gain access to their messages, an extra step that can burden the recipient experience. Single Sign On using credentials of other common services such as Microsoft, Google Mail, Office365, LinkedIn, or corporate identity servers simplifies access to the secure webmail portal and improves the user experience.
    • Opportunistic TLS – A concept put into use for user convenience. However, it meets neither today’s demanding compliance requirements nor today’s security requirements. In a nutshell: the sending server attempts to send the email encrypted, but if the receiving server won’t accept encrypted messages, the mail is sent unencrypted.
    • SafeTLS – In this method, TLS is made ‘smart’ and detects if the receiving server will or won’t accept the message – guaranteeing the message and attachments will be sent securely. Unlike opportunistic TLS, when the receiving server won’t accept encrypted messages, SafeTLS will fall back to the “Notification and Link” method, ensuring the message gets delivered securely. This method can also use a single sign on capability, making it one of the most user-friendly methods available for encrypting email.
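
The difference between the last two items comes down to what the sending side does when TLS cannot be negotiated. The sketch below is an added example, not part of the original article and not the vendor’s implementation: it reads a receiving server’s SMTP replies and picks a delivery path under each policy. The policy names, path labels and sample server replies are constructed for illustration.

```python
# Added illustration; policy names, path labels and server replies are constructed.

def ehlo_extensions(ehlo_reply):
    """Return the extension keywords from a multi-line 250 EHLO reply (RFC 5321)."""
    exts = set()
    for line in ehlo_reply.strip().splitlines()[1:]:  # line 1 is the greeting
        parts = line[4:].split() if line.startswith("250") else []
        if parts:
            exts.add(parts[0].upper())
    return exts

def choose_path(ehlo_reply, starttls_reply, handshake_ok, policy):
    """Pick a delivery path.

    policy "opportunistic": try TLS, otherwise send in the clear.
    policy "enforced": try TLS, otherwise hold the message for portal pickup.
    """
    offered = "STARTTLS" in ehlo_extensions(ehlo_reply)
    # Per RFC 3207, only a 220 reply to STARTTLS means the handshake may begin.
    accepted = offered and (starttls_reply or "").startswith("220")
    if accepted and handshake_ok:
        return "smtp-tls"
    if policy == "opportunistic":
        return "smtp-plaintext"          # message content is exposed in transit
    return "notification-and-link"       # content stays on the secure portal

# Constructed receiving-server behaviour: (EHLO reply, STARTTLS reply, handshake result)
SERVERS = {
    "tls-capable": ("250-mx.example.net\n250-SIZE 10485760\n250-STARTTLS\n250 8BITMIME",
                    "220 Ready to start TLS", True),
    "no-starttls": ("250-mx.example.org\n250-SIZE 10485760\n250 8BITMIME", None, False),
    "tls-refused": ("250-mx.example.com\n250-STARTTLS\n250 PIPELINING",
                    "454 TLS not available due to temporary reason", False),
}

def route_all(policy):
    """Map each sample server to the path the given policy would choose."""
    return {name: choose_path(*probe, policy) for name, probe in SERVERS.items()}

if __name__ == "__main__":
    for policy in ("opportunistic", "enforced"):
        print(policy, route_all(policy))
```

Only the TLS-capable server receives the message over SMTP under the enforced policy; for the other two, the opportunistic policy sends in the clear while the enforced policy routes to the portal.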

 

To learn even more about encryption, view our on-demand webinar “Facts About Encryption”.
