Abstract
E-mail is one of the oldest applications on the internet. Clients have to adhere to message formats that have been defined in RFC 822 [13] back in 1982, and at the same time be able to transport all types of content. Additionally, there are severe restrictions for the use of both encryption and digital signatures due to the adherence to RFC822. In this paper we propose a new approach based on our XMaiL project: Using the XMaiL parser, we transform header and body of the mail into an XML object. This transformation preserves both the MIME and the PKCS#7 structure of the mail. We describe the security enhancements that are possible using XMaiL such as selective encryption and signature of parts of the e-mail, or signature of critical fields in the header of the mail.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Apache XML Security, http://xml.apache.org/security/
ASN.1 Information Site, http://asn1.elibel.tm.fr
The Legion of the Bouncy Castle, Bouncy Castle Crypto APIs, http://www.bouncycastle.org/
IronMail Gateway, http://www.ciphertrust.com
Eilebrecht, L.: Ciphire Mail: Email Encryption and Authentication. In: Financial Cryptography and Data SecurityNinth International Conference, Roseau, The Commonwealth Of Dominica, February 28-March 3 (2005)
Garfinkel, S.L., Schiller, J.I., Nordlander, E., Margrave, D., Miller, R.C.: Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. In: Financial Cryptography and Data Security Ninth International Conference, Roseau, The Commonwealth Of Dominica, February 28-March 3 (2005)
World Wide Web Consortium, Hypertext Markup Language, http://www.w3c.org/MarkUp/
SUN Microsystems, JavaMail API, http://java.sun.com/products/javamail/
SUN Microsystems, Java Architecture for XML Binding (JAXB), http://java.sun.com/xml/jaxb/
Levitt, J.: Tech Guide: Many Strategies Against Spam Can’t Stem Frustration, http://www.informationweek.com/story/showArticle.jhtml?articleID=13101046&pgno=3
Leiba, B., Borenstein, N.: A Multifaceted Approach to Spam Reduction. In: First Conference on Email and Anti-Spam (CEAS) 2004 Proceedings Mountain View, CA, July 30-31 (2004)
PKCS #7: Cryptographic Message Syntax Standard, http://www.rsasecurity.com/rsalabs/node.asp?id=2129
Internet Engineering Task Force, Request for Comments No. vwxy, http://www.ietf.org/rfc/rfcvwxy.txt
SANS Institute, The Twenty Most Critical Internet Security Vulnerabilities, http://www.sans.org/top20
http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509
World Wide Web Consortium, eXtended Markup Language, http://www.w3.org/XML/
XML Signature WG, http://www.w3.org/Signature/
XML Encryption WG, http://www.w3.org/Encryption/2001/
Mediaone, eXtensible Mail Transport Protocol, http://xml.coverpages.org/xmtp20000508.html
Mundy, D.P., Chadwick, D., Smith, A.: Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs eXtensible Markup Language (XML). In: TERENA Networking Conference, Zagreb, Croatia, May 19-22 (2003)
XML Binary Characterization Working Group, http://www.w3.org/XML/Binary/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ewers, L., Kubbilun, W., Liao, L., Schwenk, J. (2005). Secure XMaiL or How to Get Rid of Legacy Code in Secure E-Mail Applications. In: Dittmann, J., Katzenbeisser, S., Uhl, A. (eds) Communications and Multimedia Security. CMS 2005. Lecture Notes in Computer Science, vol 3677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552055_39
Download citation
DOI: https://doi.org/10.1007/11552055_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28791-9
Online ISBN: 978-3-540-31978-8
eBook Packages: Computer ScienceComputer Science (R0)