- 16-12-19Hercertificeringsaudit ISO 27001 en NEN 7510
- 20-11-19BIT wint FoodValley ICT Awards 2019
- 20-11-19BIT voorziet nieuwe internetprovider Freedom Internet van serverruimte
- 13-11-19Kom je ook naar de BIT nieuwjaarsborrel op 10 januari 2020?
- 29-08-19Nieuwe pagina: Wet- & Regelgeving specifiek voor de hostingbranche
- 10-08-19BIT genomineerd voor IaaS-/PaaS-leverancier van het Jaar
- 07-08-19RFO netwerkstoring
- 21-05-19Klantcase Aangetekend Mailen
- 09-05-19BIT verhoogt netwerkcapaciteit en -beschikbaarheid met nieuwe switches
- 08-05-19Nationale Datacenter Dag dinsdag 11 juni 2019
STARTTLS and DANE mandated by National Consultation
The National Consultation Digital Government is requiring governments to implement the email security standards STARTTLS and DANE with investments in email systems. On September 19, 2016 it was decided to add both open standards to the list of required standards according to the ‘comply-or-explain’ regime.
A solid encryption of email traffic
To guarantee the integrity and confidentiality of email traffic, the use of STARTTLS and DANE is needed. STARTTLS combined with DANE counteracts the interception or manipulation of email traffic. STARTTLS offers the possibility to secure transport connections between email servers based on certificates with TLS. In combination with email security standard DANE, email servers can also enforce the use of TLS. Together they ensure a solid encryption of email traffic. This secures the email traffic for certain types of attacks that aim to intercept or manipulate.
How does it work?
When an email is sent, the senders’ mail server sends it to the recipients’ mail server. The connection between these servers can be secured with TLS. The protocol that is used to do this is called STARTTLS. This STARTTLS-protocol makes sure that an unencrypted connection is converted to an encrypted TLS-connection. Both mail servers need to support STARTTLS to allow this.’
DANE is a technique that builds on DNSSEC and allows secure publishing of public keys and certificates. DANE can be used to connect key information (for example a hash code) to an address/protocol or port-combination. That way the authenticity of the certificate can be verified for every encrypted internet service through DNS. If the hash code of the certificate or the certificate authority is not the same as the hash code in the TLSA record, the client knows that the connection cannot be trusted.
Open standards on the ‘comply-or-explain’ list
The security standards on the ‘comply-or-explain’ list help secure information. The addition to the ‘comply-or-explain’ list means that public organisations, including healthcare and government institutions have to implement the standards when purchasing new ICT systems and services. An overview of all open standards can be found on the website of the Standardisation Forum. On https://internet.nl/ domain names can be checked for the support of open standards.