- 28-11-24ECOFED uitgeroepen tot publieksfavoriet bij Computable Awards
- 21-11-24Een goede cloud heeft een kundige dirigent nodig
- 17-10-24ECOFED wint ICT Innovatieprijs Regio Foodvalley 2024
- 01-08-24BIT geeft kaarten weg voor F1 in Zandvoort
- 24-04-24Status.bit.nl in nieuw jasje!
- 12-04-24Nieuw bij BIT: GPU hosting
- 25-03-24BIT breidt netwerkconnectiviteit uit met aansluiting op NL-ix^2
- 13-03-24No More Leaks: Samenwerken tegen cybercriminaliteit
- 03-03-24Geen verandering twee jaar na invoering sancties tegen Russische media: FOIC roept (wederom) op tot einde van ondemocratische censuur
- 29-01-24Onzichtbare upgrades
STARTTLS and DANE mandated by National Consultation
The National Consultation Digital Government is requiring governments to implement the email security standards STARTTLS and DANE with investments in email systems. On September 19, 2016 it was decided to add both open standards to the list of required standards according to the ‘comply-or-explain’ regime.
A solid encryption of email traffic
To guarantee the integrity and confidentiality of email traffic, the use of STARTTLS and DANE is needed. STARTTLS combined with DANE counteracts the interception or manipulation of email traffic. STARTTLS offers the possibility to secure transport connections between email servers based on certificates with TLS. In combination with email security standard DANE, email servers can also enforce the use of TLS. Together they ensure a solid encryption of email traffic. This secures the email traffic for certain types of attacks that aim to intercept or manipulate.
How does it work?
When an email is sent, the senders’ mail server sends it to the recipients’ mail server. The connection between these servers can be secured with TLS. The protocol that is used to do this is called STARTTLS. This STARTTLS-protocol makes sure that an unencrypted connection is converted to an encrypted TLS-connection. Both mail servers need to support STARTTLS to allow this.’
DANE is a technique that builds on DNSSEC and allows secure publishing of public keys and certificates. DANE can be used to connect key information (for example a hash code) to an address/protocol or port-combination. That way the authenticity of the certificate can be verified for every encrypted internet service through DNS. If the hash code of the certificate or the certificate authority is not the same as the hash code in the TLSA record, the client knows that the connection cannot be trusted.
Open standards on the ‘comply-or-explain’ list
The security standards on the ‘comply-or-explain’ list help secure information. The addition to the ‘comply-or-explain’ list means that public organisations, including healthcare and government institutions have to implement the standards when purchasing new ICT systems and services. An overview of all open standards can be found on the website of the Standardisation Forum. On https://internet.nl/ domain names can be checked for the support of open standards.