Secure XMaiL or How to Get Rid of Legacy Code in Secure E-Mail Applications

  • Lars Ewers
  • Wolfgang Kubbilun
  • Lijun Liao
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3677)


E-mail is one of the oldest applications on the internet. Clients have to adhere to message formats that have been defined in RFC 822 [13] back in 1982, and at the same time be able to transport all types of content. Additionally, there are severe restrictions for the use of both encryption and digital signatures due to the adherence to RFC822. In this paper we propose a new approach based on our XMaiL project: Using the XMaiL parser, we transform header and body of the mail into an XML object. This transformation preserves both the MIME and the PKCS#7 structure of the mail. We describe the security enhancements that are possible using XMaiL such as selective encryption and signature of parts of the e-mail, or signature of critical fields in the header of the mail.


Legacy Code Selective Encryption Head Field Security Enhancement Financial Cryptography 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Apache XML Security,
  2. 2.
    ASN.1 Information Site,
  3. 3.
    The Legion of the Bouncy Castle, Bouncy Castle Crypto APIs,
  4. 4.
    IronMail Gateway,
  5. 5.
    Eilebrecht, L.: Ciphire Mail: Email Encryption and Authentication. In: Financial Cryptography and Data SecurityNinth International Conference, Roseau, The Commonwealth Of Dominica, February 28-March 3 (2005)Google Scholar
  6. 6.
    Garfinkel, S.L., Schiller, J.I., Nordlander, E., Margrave, D., Miller, R.C.: Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. In: Financial Cryptography and Data Security Ninth International Conference, Roseau, The Commonwealth Of Dominica, February 28-March 3 (2005)Google Scholar
  7. 7.
    World Wide Web Consortium, Hypertext Markup Language,
  8. 8.
    SUN Microsystems, JavaMail API,
  9. 9.
    SUN Microsystems, Java Architecture for XML Binding (JAXB),
  10. 10.
    Levitt, J.: Tech Guide: Many Strategies Against Spam Can’t Stem Frustration,
  11. 11.
    Leiba, B., Borenstein, N.: A Multifaceted Approach to Spam Reduction. In: First Conference on Email and Anti-Spam (CEAS) 2004 Proceedings Mountain View, CA, July 30-31 (2004)Google Scholar
  12. 12.
    PKCS #7: Cryptographic Message Syntax Standard,
  13. 13.
    Internet Engineering Task Force, Request for Comments No. vwxy,
  14. 14.
    SANS Institute, The Twenty Most Critical Internet Security Vulnerabilities,
  15. 15.
  16. 16.
    World Wide Web Consortium, eXtended Markup Language,
  17. 17.
    XML Signature WG,
  18. 18.
  19. 19.
    Mediaone, eXtensible Mail Transport Protocol,
  20. 20.
    Mundy, D.P., Chadwick, D., Smith, A.: Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs eXtensible Markup Language (XML). In: TERENA Networking Conference, Zagreb, Croatia, May 19-22 (2003)Google Scholar
  21. 21.
    XML Binary Characterization Working Group,

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Lars Ewers
    • 1
  • Wolfgang Kubbilun
    • 2
  • Lijun Liao
    • 3
  • Jörg Schwenk
    • 3
  1. 1.BochumGermany
  2. 2.MediaSec Technologies GmbHEssenGermany
  3. 3.Hörst Görtz Institute for IT SecurityRuhr-UniversityBochumGermany

Personalised recommendations