User Tools

Site Tools


faq:encryption

Encryption

There are several different encryption methods used on the Internet which are relevant to VPOP3.

Current versions of VPOP3 Basic will be able to connect to other POP3 or SMTP servers using either SSL or TLS. This allows you to use VPOP3 to access services such as GMail which require SSL/TLS.

Current versions of VPOP3 Enterprise can also allow email clients and web browsers to connect to them using SSL or TLS, as long as a suitable public-key certificate has been created for VPOP3. This allows users to send/receive mail via VPOP3 using encrypted connections.

Session Encryption

With session (or transport) encryption, the two computers involved in sending or receiving the mail encrypt the data as it is sent, and decrypt it as it is received. With this system, the message is stored in an unencrypted form at either end, it is only during transmission that it is encrypted. This is because it is encrypted with a different public key each time it is sent to a different server.

With session encryption, an eavesdropper cannot see the message content. Also, they cannot see who is sending a message to whom. Everything about the messages being sent is encrypted.

There are two forms of session encryption supported by VPOP3.

SSL

SSL is the older system used for session encryption in email. (It is also the system used for the common https: encryption). SSL encryption uses an alternate TCP/IP port than unencrypted traffic, and all the session is encrypted.

Microsoft email clients currently only support the SSL encryption system.

Note that SSL has never been approved as a standard mechanism, although it is commonly used

Ports Used

  • HTTPS uses port 443 instead of HTTP's port 80
  • POP3S uses port 995 instead of POP3's port 110
  • IMAP4S uses port 993 instead of IMAP4's port 143
  • SMTPS generally uses port 665 instead of SMTP's port 25

TLS

TLS is the standards based system for session encryption. With TLS, connections are made on the standard TCP/IP port, and the two ends negotiate an encrypted connection if they support it. The very start of the session is unencrypted, but everything else is encrypted.

Typically TLS will use the standard ports.

Message Encryption

Message encryption is end-to-end. The sender's email client generally encrypts the message, and the recipient's email client will decrypt the message.

This has the advantage that the mail servers that the message passes through cannot see the message content either. However, the details of who is sending a message to whom will be available for an eavesdropper to see (unless session encryption is used as well).

Commonly known forms of message encryption are S/MIME and PGP. VPOP3 does not currently support either of these methods itself, although third party software using these systems will be able to send and receive mail through VPOP3 without any problems.

faq/encryption.txt · Last modified: 2018/11/14 10:45 by 127.0.0.1