- 27-05-22Update RFO netwerk incident 17-04-2022
- 23-05-22Freedom of Information Coalition (FOIC) stapt naar de Europese rechter
- 04-05-22Drie op de tien IT-beslissers: beveiliging klantdata laat te wensen over
- 21-04-22Kwart IT-beslissers vindt aandacht voor privacy overdreven
- 19-04-22RFO Netwerk Incident 17-04-2022
- 07-04-22Locatie dataopslag niet in top drie argumenten voor keuze cloudprovider
- 09-03-22The Hague Centre for Strategic Studies migreert dataplatform naar BIT NL Cloud
- 21-02-22BIT-MeetMe weer volledig open
- 17-12-21Wij werken gewoon thuis door
- 05-11-21Mond- en neusmasker vanaf 6 november bij BIT verplicht
STARTTLS and DANE mandated by National Consultation
The National Consultation Digital Government is requiring governments to implement the email security standards STARTTLS and DANE with investments in email systems. On September 19, 2016 it was decided to add both open standards to the list of required standards according to the ‘comply-or-explain’ regime.
A solid encryption of email traffic
To guarantee the integrity and confidentiality of email traffic, the use of STARTTLS and DANE is needed. STARTTLS combined with DANE counteracts the interception or manipulation of email traffic. STARTTLS offers the possibility to secure transport connections between email servers based on certificates with TLS. In combination with email security standard DANE, email servers can also enforce the use of TLS. Together they ensure a solid encryption of email traffic. This secures the email traffic for certain types of attacks that aim to intercept or manipulate.
How does it work?
When an email is sent, the senders’ mail server sends it to the recipients’ mail server. The connection between these servers can be secured with TLS. The protocol that is used to do this is called STARTTLS. This STARTTLS-protocol makes sure that an unencrypted connection is converted to an encrypted TLS-connection. Both mail servers need to support STARTTLS to allow this.’
DANE is a technique that builds on DNSSEC and allows secure publishing of public keys and certificates. DANE can be used to connect key information (for example a hash code) to an address/protocol or port-combination. That way the authenticity of the certificate can be verified for every encrypted internet service through DNS. If the hash code of the certificate or the certificate authority is not the same as the hash code in the TLSA record, the client knows that the connection cannot be trusted.
Open standards on the ‘comply-or-explain’ list
The security standards on the ‘comply-or-explain’ list help secure information. The addition to the ‘comply-or-explain’ list means that public organisations, including healthcare and government institutions have to implement the standards when purchasing new ICT systems and services. An overview of all open standards can be found on the website of the Standardisation Forum. On https://internet.nl/ domain names can be checked for the support of open standards.