FOSDEM 2026

"(Avoid) Implementing STARTTLS" ( 2025 )

Saturday at 17:00, 30 minutes, K.4.601, K.4.601, Modern Email Damian Poddebniak , video

I want to keep up my mission to make STARTTLS a technology of the past by recapping on the issues STARTTLS creates and providing advice how to (avoid) implementing (most of) it. The talk will be 5 to 10 minutes and is motivated by my research about real-world STARTTLS issues (https://nostarttls.secvuln.info/) and the implementations I (reluctantly) wrote (https://github.com/duesee/imap-next).

2026

0.52 "Mail & Security - Lessons learned and interesting tools"

2025

0.48 "Chatmail server networks for anonymous end-to-end encrypted messaging"
0.48 "Advanced mail security - our experience with automated reputation sharing in communities and pre-queue deep threat analyzers"
0.47 "Authentication and autoconfig for email - Update on standardization efforts"
0.47 "How email addresses are growing to support unicode"

2024

0.59 "[Protocols] Security of STARTTLS in the E-Mail Context"
0.50 "[Security] Modernizing email encryption: the crypto refresh of OpenPGP"
0.50 "[Ending] It's all about the email. Ugh, what?"
0.49 "[Security] Thunderbird Email Security, plans and challenges."
0.48 "[Security] Email Autoconfiguration, and 2FA for email"

Related: