Some ideas for new features for V4

General eFa discussion
Post Reply
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Some ideas for new features for V4

Post by ovizii »

While searching for a free / open-source email encryption gateway I found this product: https://www.deeztek.com/products/hermes ... l-gateway/ which seems to combine the functionality of EFA + email archiving + encryption gateway so I thought maybe the developer of EFA could have a look for potential features to integrate into V4.
Btw. the encryption gateway integrated into the above product is https://www.ciphermail.com/
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Some ideas for new features for V4

Post by shawniverson »

Thanks :)
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Some ideas for new features for V4

Post by ovizii »

I am aware that EFA has a certain specialization and I usually prefer a single tool for a single job but sometimes its easier to use a all-in-one solution when i.e. both tools would normally handle DKIM or certificates

I am looking for something like this constellation:
internet <=> email encryption gateway <=> EFA <=> exchange <=> email client

Ciphercloud's take on it: https://www.ciphermail.com/blog/encrypt ... n-law.html (apparently they have a milter so EFA could be in front of the encryption gateway like this:
internet <=> EFA <=> email encryption gateway <=> exchange <=> email client

Anyway, this was just meant as inspiration :-)
budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Some ideas for new features for V4

Post by budy »

Encryption gateways are really hard to do right and in a corporate environment you usually need some assuarance if you intent to take such a contruct through a security audit.

I love eFa for all it's doing, but when it comes to encryption gateways for S/MIME or PGP, this is nothing I'd want to see in it, since I doubt that anyone having enough resources to keep that in good shape. For that you need someone who makes a business out of that.

…just my 2c, of course.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Some ideas for new features for V4

Post by pdwalker »

I'm inclined to agree with budy here. Encryption is hard to get right and is probably best left to the client side.
budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Some ideas for new features for V4

Post by budy »

Uhh… client side… I could tell you lot's of stories, which suggest that leaving mail encryption with S/MIME and/or PGP to the user is simply too confusing for them to be handled right. There are a couple of really good appliances out there and the afore mentioned ciphermail was indeed on my list of encryption appliances to check out. We settled on another product, named SeppMAIL ( a swiss product ), which encrypts/singnes and decrypts our messages.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Some ideas for new features for V4

Post by ovizii »

Thanks for all the input. I only posted this when I found that deeztech appliance which does everything EFa does and incorporates email archiving and the encryption gateway so I thought people around here might take a look if there#s anything that could be beneficial to EFA :-)
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Some ideas for new features for V4

Post by pdwalker »

Link?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Some ideas for new features for V4

Post by henk »

Before you decide to use encrypted email, I would read this first: https://thehackernews.com/2018/05/pgp-s ... ption.html

Link to: Breaking S/MIME and OpenPGP Email Encryption.pdf https://efail.de/efail-attack-paper.pdf

SeppMAIL : https://www.seppmail.com/secure-email/email-encryption/
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Some ideas for new features for V4

Post by ovizii »

pdwalker wrote: 11 Jun 2018 10:37Link?
https://www.deeztek.com/products/hermes ... l-gateway/

it was my first link, sorry for not being too specific.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Some ideas for new features for V4

Post by ovizii »

henk wrote: 11 Jun 2018 11:22 Before you decide to use encrypted email, I would read this first: https://thehackernews.com/2018/05/pgp-s ... ption.html

Link to: Breaking S/MIME and OpenPGP Email Encryption.pdf https://efail.de/efail-attack-paper.pdf

SeppMAIL : https://www.seppmail.com/secure-email/email-encryption/
I know about EFAIl but I only glanced over the details when I read this part:
EFF has warned users to immediately disable if they have installed any of the following mentioned plugins/tools for managing encrypted emails:
Thunderbird with Enigmail
Apple Mail with GPGTools
Outlook with Gpg4win
It should be noted that researchers have not claimed that the flaws reside in the way encryption algorithm works; instead, the issues appear in the way email decryption tools/plugins work.
deeztek
Posts: 1
Joined: 16 Aug 2018 10:42

Re: Some ideas for new features for V4

Post by deeztek »

I know I'm a little late to the party. I just found this thread. I'm the senior developer behind Hermes SEG (https://www.deeztek.com/products/herme ... l-gateway/. As @ovizii correctly pointed out, the email encryption in Hermes SEG is accomplished by the integration of Ciphermail https://www.ciphermail.com/index.html. The latest version of Ciphermail which is included in the latest version of Hermes SEG detects EFAIL.
Nevertheless, Ciphermail is not directly vulnerable to EFAIL. More information can be found here: https://www.ciphermail.com/blog/efail-d ... ntion.html.

Thanks
Post Reply