written 8.4 years ago by | modified 2.8 years ago by |
Subject: System Web Security
Topic: Network Security
Difficulty: Low
written 8.4 years ago by | modified 2.8 years ago by |
Subject: System Web Security
Topic: Network Security
Difficulty: Low
written 8.4 years ago by |
The key components of the Internet mail architecture, which include the following.
Message User Agent (MUA): Works on behalf of user actors and user applications.It is their representative within the e-mail service.
Mail Submission Agent (MSA): Accepts the message submitted by a MUAand enforces the policies of the hosting domain and the requirements of Internet standards.
Message Transfer Agent (MTA): Relays mail for one application-level hop.It is like a packet switch or IP router in that its job is to make routing assessmentsand to move the message closer to the recipients.
Mail Delivery Agent (MDA): Responsible for transferring the message fromthe MHS to the MS.
Message Store (MS): An MUA can employ a long-term MS. An MS can belocated on a remote server or on the same machine as the MUA.
Secure Email
Secure email is a safe, efficient alternative to regular email, fax and post. When you hit the send button on your secureeMail, the information contained in it is encrypted, so it can only be read by your intended recipient. By contrast, regular emails can be fairly easily intercepted and read by just about anyone.
The Secure eMail service is an important part of the process of joining up the Criminal Justice System (CJS) in England and Wales. It allows people working across the CJS who choose to participate, to send emails containing 'RESTRICTED' (i.e. sensitive data), in a secure way.
For the first time, it's made it possible for these key groups of people to send emails securely to each other.
How does Secure eMail work?
Criminal Justice organisations already have Secure email systems (GSI, GSX and CJX) which are part of the Government Secure Community. They can send and receive sensitive information through these systems.
Such organisations don't have to do anything to ensure that they are connected to the Secure eMail service, as this connects directly into - and is accredited by - the Government Secure Community.
Criminal Justice Practitioners are not a part of this secure community, it falls to the SecureeMail service to provide the technology to encrypt the contents of an email when they send it.
This encryption ensures that the email, if intercepted, will be unreadable. Once the email reaches its destination it will be decrypted so that the intended recipient can read it.
S/MIME
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancementto the MIME Internet e-mail format standard based on technology from RSA Data Security.
Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organizational use, while PGP will remain the choice for personal e-mail security for many users.
RFC 5322
Multipurpose Internet Mail Extension (MIME)
Multipurpose Internet Mail Extension (MIME) is an extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP)
Lists the following limitations of the SMTP/5322 scheme.
SMTP cannot transmit executable files or other binary objects
SMTP cannot transmit text data that includes national language characters, because these are represented by 8-bit codes with values of 128 decimal orhigher, and SMTP is limited to 7-bit ASCII.
SMTP servers may reject mail message over a certain size.
MIME is intended to resolve these problems in a manner that is compatiblewith existing RFC 5322 implementations.
The MIME specification includes the following elements.
Five new message header fields are defined, which may be included in an RFC 5322 header. These fields provide information about the body of the message.
A number of content formats are defined, thus standardizing representations that support multimedia electronic mail.
Transfer encodings are defined that enable the conversion of any content formatinto a form that is protected from alteration by the mail system.
S/MIME FUNCTIONALITY
Clear-signed data: As with signed data, a digital signature of the content isformed. However, in this case, only the digital signature is encoded usingbase64.As a result, recipients without S/MIME capability can view the messagecontent, although they cannot verify the signature.
Signed and enveloped data: Signed-only and encrypted-only entities may benested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.
S/MIME – Certificates
a certificate can only be trusted if: