Protection of email communication via TLS

03.07.2018

LuxCSD¹ seeks to continuously improve the quality, security and safety of the financial markets. Email exchanged via the Internet is exposed to disclosure to unauthorised parties and to manipulation if not properly protected.

In the interest of protecting the data and content of emails, safeguarding them against the risk of data loss and protecting the confidentiality of critical data, LuxCSD will implement, as from 17 December 2018, the latest version of the TLS (Transport Layer Security) encryption protocol and strongly recommends that customers and providers also adopt it. Unencrypted email traffic poses high risks to our business and the market.

What is TLS?

TLS is a cryptographic protocol designed to provide communication security over the Internet. It establishes the email encryption at the level of the company mail gateway. TLS uses certificates to authenticate the counterparty of the communication and to encrypt all data flows between the parties in order to ensure the confidentiality of the data/message.

How does TLS work?

  1. A connection is established between the email gateway of LuxCSD and its counterparty.
  2. The receiving host offers TLS encryption.
  3. The sending host starts a TLS session.
  4. The email appliance attempts to exchange the encrypted data.

As from 17 December 2018, email gateways at LuxCSD will be configured so that emails between LuxCSD, its customers and providers can be exchanged in encrypted form. TLS will always be used as the primary encryption method. As a result, all outgoing emails will be encrypted as from this date. Once the customer or provider has also installed TLS, the exchange of emails will be seamless.

Non-encrypted emails sent to LuxCSD after the implementation of TLS will still be received and remain subject to existing rules on communication channels contained in LuxCSD’s documentation.

Technical requirements for customers and providers

TLS must be functioning and properly configured on all mail servers that send and receive emails for the business partner domains, including any outsourced or external systems sending auto-generated or other types of mass mailings on behalf of these domains.

If a secure TLS connection cannot be established, the email will be delivered to the recipient as an encrypted email attachment (as displayed below):


To read the content of the email, the recipient has to open the attachment. On doing so, they will be prompted to register in a Cisco portal by entering their own email address and a password.

Important note: Servers must be running TLS with a valid certificate of the appropriate key size.

Customers and providers are responsible for ensuring the validity of the TLS certificates in use and for providing the infrastructure to support TLS. The setup of TLS does not require testing or exchange of information with LuxCSD. If you are not sure whether TLS is set up for your company or individual use, please contact your IT department or your email service provider. 
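A way to check your own mail server against the connection steps and the certificate requirement above. This is an added example, not LuxCSD's tooling. The host name `mail.example.com`, the 14-day warning window and the list of outdated protocol versions are assumptions.

```python
import smtplib
import ssl
from datetime import datetime, timezone

MIN_DAYS_LEFT = 14                            # assumed renewal warning window
OLD_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumed "not latest" set

def assess(features, cert, tls_version, now=None):
    """Turn what the server offered into a list of findings (empty = OK)."""
    now = now or datetime.now(timezone.utc)
    if "starttls" not in features:        # step 2: receiving host offers TLS
        return ["STARTTLS not offered: mail cannot be exchanged over TLS"]
    findings = []
    if tls_version in OLD_VERSIONS:
        findings.append(f"outdated protocol negotiated: {tls_version}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append(f"certificate expired {-days_left} days ago")
    elif days_left < MIN_DAYS_LEFT:
        findings.append(f"certificate expires in {days_left} days")
    return findings

def probe(host, port=25, timeout=10):
    """Run steps 1 to 3 of the list above against one mail server."""
    ctx = ssl.create_default_context()    # verifies chain and host name
    smtp = smtplib.SMTP(host, port, timeout=timeout)   # step 1: connect
    try:
        smtp.ehlo()
        features = dict(smtp.esmtp_features)
        if "starttls" not in features:
            return assess(features, None, None)
        try:
            smtp.starttls(context=ctx)    # step 3: start the TLS session
        except ssl.SSLCertVerificationError as exc:
            return [f"certificate rejected: {exc.verify_message}"]
        return assess(features, smtp.sock.getpeercert(), smtp.sock.version())
    finally:
        smtp.close()

if __name__ == "__main__":
    # mail.example.com is a placeholder; use your own MX host.
    for finding in probe("mail.example.com") or ["TLS ready"]:
        print(finding)
```

Run it from a network that is allowed to reach port 25 on the server. The certificate key size is not checked here.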

Customers and providers are reminded that in case of failure of their security measures, LuxCSD will not be liable for any disruption or manipulation that might occur in the communication via email.

Further information

For further information, please contact the LEI Service team at lei.service@luxcsd.com or the CSD Service team through LuxCSD Client Services or your Relationship Officer.

------------------------------------------
1. LuxCSD refers to LuxCSD, société anonyme registered office at 42, avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg, registered with the Trade and Company Register of Luxembourg, under number B. 154 449.