Zimbra Email Security Webinar Series: TLS and DANE (updated)

Many Zimbra administrators have setup TLS encryption to protect their users’ login credentials and email in transit.  But TLS is a complex standard, and often unknowingly misconfigured.  Deploying TLS correctly does not require a university degree in cryptography, but rather a working knowledge of some key concepts and awareness of pitfalls to avoid.

And, with the rapid success of free SSL certificate authorities (CAs) like Let’s Encrypt, financial barriers to ubiquitous use of encryption have vanished. The increasing ease of obtaining an SSL certificate from free and commercial CAs has magnified a long standing weakness with the CAs.  We trust the CAs to properly validate that SSL certificates are issued only to a domain name’s legitimate owner, but this trust has frequently been proven to be misplaced.  When a university student can obtain an SSL certificate for github.com, and an individual with no affiliation with Mozilla can obtain an SSL certificate for mozilla.com, how safe do you think your domain name is from SSL certificate fraud?

In this fifth episode of the Zimbra Email Security Webinar Series, join us for an overview of the most important information you need to know to use TLS encryption to protect your users effectively, and for a discussion of the risks of the current CA system, along with how you can use the DANE standard to assert unbreakable ownership and trust for
your SSL certificates.

Here are the slides from the TLS/DANE webinar.

In case you missed any of the previous webinar episodes, they can be viewed here: https://www.youtube.com/playlist?list=PL-n95mpBtP2ZP4GVMR8B25np-Zwv7uRaA if you are interested we also uploaded the slide decks of the previous webinars.

, , , ,

3 Responses to Zimbra Email Security Webinar Series: TLS and DANE (updated)

  1. Mic August 31, 2022 at 5:12 PM #

    This will be a great learning, thanks for organising.
    Will you cover also the TLS certification mechanism for remote STMP client connections if relevant for the topic of the seminar (smtpd_tls_ask_ccert and permit_tls_clientcerts settings) ?

    • Barry de Graaff September 1, 2022 at 6:43 AM #

      Hello Mic, please ask the question during the webinar, thanks!

    • Mic September 1, 2022 at 5:37 PM #

      I wish I could attend, but it will be 2AM for me that I am on GMT+10. The time is not good for the far east. I will be happy to watch the recording offline. But thanks for organising this.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures