Page 1 of 1

Some ideas for new features for V4

Posted: 05 Jun 2018 11:50
by ovizii
While searching for a free / open-source email encryption gateway I found this product: https://www.deeztek.com/products/hermes ... l-gateway/ which seems to combine the functionality of EFA + email archiving + encryption gateway so I thought maybe the developer of EFA could have a look for potential features to integrate into V4.
Btw. the encryption gateway integrated into the above product is https://www.ciphermail.com/

Re: Some ideas for new features for V4

Posted: 05 Jun 2018 19:35
by shawniverson
Thanks :)

Re: Some ideas for new features for V4

Posted: 06 Jun 2018 10:14
by ovizii
I am aware that EFA has a certain specialization and I usually prefer a single tool for a single job but sometimes its easier to use a all-in-one solution when i.e. both tools would normally handle DKIM or certificates

I am looking for something like this constellation:
internet <=> email encryption gateway <=> EFA <=> exchange <=> email client

Ciphercloud's take on it: https://www.ciphermail.com/blog/encrypt ... n-law.html (apparently they have a milter so EFA could be in front of the encryption gateway like this:
internet <=> EFA <=> email encryption gateway <=> exchange <=> email client

Anyway, this was just meant as inspiration :-)

Re: Some ideas for new features for V4

Posted: 06 Jun 2018 17:29
by budy
Encryption gateways are really hard to do right and in a corporate environment you usually need some assuarance if you intent to take such a contruct through a security audit.

I love eFa for all it's doing, but when it comes to encryption gateways for S/MIME or PGP, this is nothing I'd want to see in it, since I doubt that anyone having enough resources to keep that in good shape. For that you need someone who makes a business out of that.

…just my 2c, of course.

Re: Some ideas for new features for V4

Posted: 07 Jun 2018 07:15
by pdwalker
I'm inclined to agree with budy here. Encryption is hard to get right and is probably best left to the client side.

Re: Some ideas for new features for V4

Posted: 07 Jun 2018 08:08
by budy
Uhh… client side… I could tell you lot's of stories, which suggest that leaving mail encryption with S/MIME and/or PGP to the user is simply too confusing for them to be handled right. There are a couple of really good appliances out there and the afore mentioned ciphermail was indeed on my list of encryption appliances to check out. We settled on another product, named SeppMAIL ( a swiss product ), which encrypts/singnes and decrypts our messages.

Re: Some ideas for new features for V4

Posted: 07 Jun 2018 09:08
by ovizii
Thanks for all the input. I only posted this when I found that deeztech appliance which does everything EFa does and incorporates email archiving and the encryption gateway so I thought people around here might take a look if there#s anything that could be beneficial to EFA :-)

Re: Some ideas for new features for V4

Posted: 11 Jun 2018 10:37
by pdwalker
Link?

Re: Some ideas for new features for V4

Posted: 11 Jun 2018 11:22
by henk
Before you decide to use encrypted email, I would read this first: https://thehackernews.com/2018/05/pgp-s ... ption.html

Link to: Breaking S/MIME and OpenPGP Email Encryption.pdf https://efail.de/efail-attack-paper.pdf

SeppMAIL : https://www.seppmail.com/secure-email/email-encryption/

Re: Some ideas for new features for V4

Posted: 11 Jun 2018 12:47
by ovizii
pdwalker wrote: 11 Jun 2018 10:37Link?
https://www.deeztek.com/products/hermes ... l-gateway/

it was my first link, sorry for not being too specific.

Re: Some ideas for new features for V4

Posted: 11 Jun 2018 12:50
by ovizii
henk wrote: 11 Jun 2018 11:22 Before you decide to use encrypted email, I would read this first: https://thehackernews.com/2018/05/pgp-s ... ption.html

Link to: Breaking S/MIME and OpenPGP Email Encryption.pdf https://efail.de/efail-attack-paper.pdf

SeppMAIL : https://www.seppmail.com/secure-email/email-encryption/
I know about EFAIl but I only glanced over the details when I read this part:
EFF has warned users to immediately disable if they have installed any of the following mentioned plugins/tools for managing encrypted emails:
Thunderbird with Enigmail
Apple Mail with GPGTools
Outlook with Gpg4win
It should be noted that researchers have not claimed that the flaws reside in the way encryption algorithm works; instead, the issues appear in the way email decryption tools/plugins work.

Re: Some ideas for new features for V4

Posted: 16 Aug 2018 10:52
by deeztek
I know I'm a little late to the party. I just found this thread. I'm the senior developer behind Hermes SEG (https://www.deeztek.com/products/herme ... l-gateway/. As @ovizii correctly pointed out, the email encryption in Hermes SEG is accomplished by the integration of Ciphermail https://www.ciphermail.com/index.html. The latest version of Ciphermail which is included in the latest version of Hermes SEG detects EFAIL.
Nevertheless, Ciphermail is not directly vulnerable to EFAIL. More information can be found here: https://www.ciphermail.com/blog/efail-d ... ntion.html.

Thanks