S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification[1] with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

Function

S/MIME provides the following cryptographic security services for electronic messaging applications:

S/MIME specifies the MIME type application/pkcs7-mime[2] (smime-type "enveloped-data") for data enveloping (encrypting) where the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.

S/MIME certificates

Before S/MIME can be used in any of the above applications, one must obtain and install an individual key/certificate either from one's in-house certificate authority (CA) or from a public CA. The accepted best practice is to use separate private keys (and associated certificates) for signature and for encryption, as this permits escrow of the encryption key without compromise to the non-repudiation property of the signature key. Encryption requires having the destination party's certificate on store (which is typically automatic upon receiving a message from the party with a valid signing certificate). While it is technically possible to send a message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in practice, the S/MIME clients will require the user to install their own certificate before they allow encrypting to others. This is necessary so the message can be encrypted for both, recipient and sender, and a copy of the message can be kept (in the sent folder) and be readable for the sender.

A typical basic ("class 1") personal certificate verifies the owner's "identity" only insofar as it declares that the sender is the owner of the "From:" email address in the sense that the sender can receive email sent to that address, and so merely proves that an email received really did come from the "From:" address given. It does not verify the person's name or business name. If a sender wishes to enable email recipients to verify the sender's identity in the sense that a received certificate name carries the sender's name or an organization's name, the sender needs to obtain a certificate ("class 2") from a CA, who carries out a more in-depth identity verification process, and this involves making inquiries about the would-be certificate holder. For more detail on authentication, see digital signature.

Depending on the policy of the CA, the certificate and all its contents may be posted publicly for reference and verification. This makes the name and email address available for all to see and possibly search for. Other CAs only post serial numbers and revocation status, which does not include any of the personal information. The latter, at a minimum, is mandatory to uphold the integrity of the public key infrastructure.

S/MIME Working Group of CA/Browser Forum

In 2020, the S/MIME Certificate Working Group[3] of the CA/Browser Forum was chartered to create a baseline requirement applicable to CAs that issue S/MIME certificates used to sign, verify, encrypt, and decrypt email. That effort is intended to create standards including:

  • Certificate profiles for S/MIME certificates and CAs that issue them
  • Verification of control over email addresses
  • Identity validation
  • Key management, certificate lifecycle, CA operational practices, etc.

Version 1 of the Baseline Requirements for the Issuance and Management of Publicly‐Trusted S/MIME Certificates was published on January 1, 2023 by the CA/Browser Forum. It defined four types of S/MIME certificate standards. Mailbox‐validated, Organization‐validated, Sponsor‐validated and Individual‐validated.[4]

Obstacles to deploying S/MIME in practice

  • S/MIME is sometimes considered not properly suited for use via webmail clients. Though support can be hacked into a browser, some security practices require the private key to be kept accessible to the user but inaccessible from the webmail server, complicating the key advantage of webmail: providing ubiquitous accessibility. This issue is not fully specific to S/MIME: other secure methods of signing webmail may also require a browser to execute code to produce the signature; exceptions are PGP Desktop and versions of GnuPG, which will grab the data out of the webmail, sign it by means of a clipboard, and put the signed data back into the webmail page. Seen from the view of security this is a more secure solution.
  • S/MIME is tailored for end-to-end security. Logically it is not possible to have a third party inspecting email for malware and also have secure end-to-end communications. Encryption will not only encrypt the messages, but also the malware. Thus if mail is not scanned for malware anywhere but at the end points, such as a company's gateway, encryption will defeat the detector and successfully deliver the malware. The only solution to this is to perform malware scanning on end user stations after decryption. Other solutions do not provide end-to-end trust as they require keys to be shared by a third party for the purpose of detecting malware. Examples of this type of compromise are:
    • Solutions which store private keys on the gateway server so decryption can occur prior to the gateway malware scan. These unencrypted messages are then delivered to end users.
    • Solutions which store private keys on malware scanners so that it can inspect messages content, the encrypted message is then relayed to its destination.
  • Due to the requirement of a certificate for implementation, not all users can take advantage of S/MIME, as some may wish to encrypt a message without the involvement or administrative overhead of certificates, for example by encrypting the message with a public/private key pair instead.

Any message that an S/MIME email client stores encrypted cannot be decrypted if the applicable key pair's private key is unavailable or otherwise unusable (e.g., the certificate has been deleted or lost or the private key's password has been forgotten). However, an expired, revoked, or untrusted certificate will remain usable for cryptographic purposes. Indexing of encrypted messages' clear text may not be possible with all email clients. Neither of these potential dilemmas is specific to S/MIME but rather cipher text in general and do not apply to S/MIME messages that are only signed and not encrypted.

S/MIME signatures are usually "detached signatures": the signature information is separate from the text being signed. The MIME type for this is multipart/signed with the second part having a MIME subtype of application/(x-)pkcs7-signature. Mailing list software is notorious for changing the textual part of a message and thereby invalidating the signature; however, this problem is not specific to S/MIME, and a digital signature only reveals that the signed content has been changed.

Security issues

On May 13, 2018, the Electronic Frontier Foundation (EFF) announced critical vulnerabilities in S/MIME, together with an obsolete form of PGP that is still used, in many email clients.[5] Dubbed EFAIL, the bug required significant coordinated effort by many email client vendors to fix.[6] Mitigations for both Efail vulnerabilities have since been addressed in the security considerations section of RFC 8551.

See also

References

  1. ^ RFC 2045: Multipurpose Internet Mail Extensions (MIME). Part One was published in November 1996.
  2. ^ Balladelli, Micky; Clercq, Jan De (2001). Mission-critical Active Directory: Architecting a Secure and Scalable Infrastructure for Windows 2000. Digital Press. p. 550. ISBN 9781555582401. S/MIME adds new MIME content types that provide data confidentiality, integrity protection, nonrepudiation, and authentication services: application/pkcs7-mime, multipart/signed, and application/pkcs7-signature
  3. ^ CA/Browser Forum S/MIME Certificate Working Group https://cabforum.org/working-groups/smime-certificate-wg/
  4. ^ "CA/Browser Forum S/MIME Baseline Requirements" (PDF). CA/Browser Forum. Retrieved Apr 4, 2023.
  5. ^ Gebhart, Danny O'Brien and Gennie (2018-05-13). "Attention PGP Users: New Vulnerabilities Require You To Take Action Now". Electronic Frontier Foundation. Retrieved 2018-05-29.
  6. ^ Hansen, Robert (2018-05-20). "Efail: A Postmortem". Robert Hansen. Retrieved 2018-05-30.

Read other articles:

African skimmer

Species of bird African skimmer Conservation status Least Concern (IUCN 3.1)[1] Scientific classification Domain: Eukaryota Kingdom: Animalia Phylum: Chordata Class: Aves Order: Charadriiformes Family: Laridae Genus: Rynchops Species: R. flavirostris Binomial name Rynchops flavirostrisVieillot, 1816 The African skimmer (Rynchops flavirostris) is a species of bird belonging to the skimmer genus Rynchops in the family Laridae. It is found along rivers, lakes and lagoons in Sub...

Comando delle forze speciali dell'Esercito

Comando delle forze speciali dell'EsercitoScudetto del COMFOSE. Descrizione generaleAttivofebbraio 2014 - oggi Nazione Italia Servizio Esercito Italiano TipoComando delle Forze speciali Ruoloaddestramento, approntamento, sviluppo dottrinale e procedurale delle forze speciali e per operazioni speciali dell'Esercito Italiano Quartier generaleSan Piero a Grado (Pisa) Parte di COMFOTER COE Reparti dipendenti9º Reggimento d'assalto paracadutisti Col Moschin 185º Reggimento paracadutisti RAO 4

Robert Maclennan, Baron Maclennan of Rogart

British Liberal Democrat politician and life peer (1936–2020) The Right HonourableThe Lord Maclennan of RogartPCOfficial portrait, 2018President of the Liberal DemocratsIn office1 January 1995 – 31 December 1998LeaderPaddy AshdownPreceded byCharles KennedySucceeded byDiana MaddockLeader of the Liberal DemocratsActingIn office3 March 1988 – 16 July 1988Serving with David SteelPreceded byPosition establishedSucceeded byPaddy AshdownLeader of the Social Democratic...

История Аджарии

История Аджарии — история грузинской автономной республики Аджария. Содержание 1 Древняя и средневековая Аджария 2 Аджария под властью Османской империи 3 Аджария под властью России 4 Британская оккупация 5 Аджария в Грузинской Демократической Республике 6 Аджария при со

Перкі-Мазовше

Село Перкі-Мазовшепол. Perki-Mazowsze Координати 52°58′27″ пн. ш. 22°45′32″ сх. д. / 52.9744000000277779° пн. ш. 22.75890000002777924° сх. д. / 52.9744000000277779; 22.75890000002777924Координати: 52°58′27″ пн. ш. 22°45′32″ сх. д. / 52.9744000000277779° пн. ш. 22.75890000002777924° сх. д.&...

Норманське вторгнення до Ірландії

Норманське вторгнення до Ірландії Країна  Ірландія Місце розташування Ірландія Дата й час 1169 Час/дата початку 1169 Час/дата закінчення 1175 Учасник(и) Celtic kingdom of Irelandd і Королівство Англія Норманське вторгнення до Ірландії (1169—1172) — експедиції військ англо-нормандс...

الحياة البرية في السعودية

خريطة طبوغرافية للمملكة العربية السعودية الحياة البرية في المملكة العربية السعودية كبيرة ومتنوعة حيث أن السعودية بلد كبير للغاية يشكل الجزء الأكبر من شبه الجزيرة العربية، ويتميز بالعديد من المناطق الجغرافية، ولكل منها مجموعة متنوعة من النباتات والحيوانات تتكيف مع موائ...

باسم خفاجي

هذه المقالة يتيمة إذ تصل إليها مقالات أخرى قليلة جدًا. فضلًا، ساعد بإضافة وصلة إليها في مقالات متعلقة بها. (يناير 2018) باسم كمال درويش خفاجي معلومات شخصية الميلاد سنة 1962 (العمر 60–61 سنة)  بورسعيد،  مصر الجنسية مصري. الأولاد 3 أبناء - بنت وولدان. الحياة العملية التعلّم تخر...

Evolusi molekuler

Bagian dari seriGenetika   Komponen penting Kromosom DNA RNA Genom Pewarisan Mutasi Nukleotida Variasi Garis besar Indeks Sejarah dan topik Pengantar Sejarah Evolusi (molekuler) Genetika populasi Hukum Pewarisan Mendel Genetika kuantitatif Genetika molekuler Penelitan Pengurutan DNA Rekayasa genetika Genomika ( templat) Genetika medis Cabang-cabang genetika Pengobatan personal Pengobatan personal lbs Evolusi molekuler merupakan proses evolusi yang terjadi pada skala DNA, RNA, dan protein...

Yoga Body

2010 book on the history of yoga as exercise by Mark Singleton Yoga Body: The Origins of Modern Posture Practice On the book's cover, a young woman performs Ustrasana, camel poseAuthorMark SingletonSubjectHistory of modern yogaPublisherOxford University PressPublication date2010Pages262OCLC318191988 Yoga Body: The Origins of Modern Posture Practice is a 2010 book on yoga as exercise by the yoga scholar Mark Singleton. It is based on his PhD thesis, and argues that the yoga known worldwide is,...

Außenminister der Vereinigten Staaten

Antony Blinken, Außenminister seit dem 26. Januar 2021 Der Außenminister der Vereinigten Staaten (United States Secretary of State) leitet das Außenministerium der Vereinigten Staaten (United States Department of State) und ist Mitglied des Kabinetts des Präsidenten. Er ist verantwortlich für die Umsetzung der internationalen Beziehungen der Vereinigten Staaten. Eigentlich als Staatssekretär bezeichnet, lässt sich der Posten des United States Secretary of State am ehesten als Außenmin...

Ken Macha

American baseball player and manager Baseball player Ken MachaMacha (center) with the Milwaukee Brewers in 2009Third baseman / ManagerBorn: (1950-09-29) September 29, 1950 (age 73)Monroeville, Pennsylvania, U.S.Batted: RightThrew: RightProfessional debutMLB: April 12, 1974, for the Pittsburgh PiratesNPB: April 4, 1982, for the Chunichi DragonsLast appearanceMLB: September 30, 1981, for the Toronto Blue JaysNPB: September 19, 1985, fo...

Bud Clancy

American baseball player (1900-1968) Baseball player Bud ClancyFirst basemanBorn: (1900-09-15)September 15, 1900Odell, IllinoisDied: September 26, 1968(1968-09-26) (aged 68)Ottumwa, IowaBatted: LeftThrew: LeftMLB debutAugust 29, 1924, for the Chicago White SoxLast MLB appearanceJune 27, 1934, for the Philadelphia PhilliesMLB statisticsBatting average.281Home runs12Runs batted in198 Teams Chicago White Sox (1924–1930) Brooklyn Dodgers (1932) Philadelphia Ph...

On Yam Estate

Public housing estate in Kwai Chung, Hong Kong On Yam EstateOn Yam EstateGeneral informationLocation7 On Chuk Street, North Kwai ChungNew Territories, Hong KongCoordinates22°22′22″N 114°08′28″E / 22.372899°N 114.14112°E / 22.372899; 114.14112StatusCompletedCategoryPublic rental housingPopulation15,736[1] (2016)No. of blocks8[2]No. of units5,492[2]ConstructionConstructed1994; 29 years ago (1994)AuthorityHong Kon...

Afon Lwyd

River in south-east Wales Afon LwydAfon LlwydThe Afon Lwyd weir and fish leap at Pontymoile. The bridge carries the Monmouthshire and Brecon Canal.LocationCountryWalesRegionSouth East WalesDistrictTorfaenPhysical characteristicsSource  • locationbetweenBrynmawr and Blaenavon, Torfaen, Wales Discharge  • locationCaerleon Basin featuresTributaries  • leftNant y Gollen, Nant Dar, Nant Ffrwd Oer, Trosnant The Afon Lwyd or Af...

Broomfield Hospital

Hospital in Essex, EnglandBroomfield HospitalMid and South Essex NHS Foundation TrustNew EntranceShown in EssexGeographyLocationCourt Road, Broomfield, Chelmsford, Essex, EnglandCoordinates51°46′28″N 0°27′58″E / 51.7745°N 0.4661°E / 51.7745; 0.4661OrganisationCare systemNational Health ServiceTypeGeneralAffiliated universityBarts and The London School of Medicine and Dentistry; Anglia Ruskin School of MedicineServicesEmergency departmentYesBeds800HelipadYes...

Vangelo Egerton

Vangelo EgertonFrammento del papiro contenente il vangeloDatazione50-100 Fontidetti e storie tradizionali di Gesù ManoscrittiPapiro Egerton 2; Papyrus Köln 255 Il Papiro Egerton 2 è un insieme di frammenti (due fogli completi e il resto di un terzo, più un frammento di cinque righe trovato successivamente)[1] di un codice in lingua greca contenente un vangelo anonimo, noto come Vangelo Egerton, ora alla British Library. Si tratta di uno dei frammenti più antichi di vangelo. Il co...

Sarashina Nikki

Manuscripts written by TeikaThe Sarashina Diary (更級日記, Sarashina Nikki) is a memoir written by the daughter of Sugawara no Takasue, a lady-in-waiting of Heian-period Japan. Her work stands out for its descriptions of her travels and pilgrimages and is unique in the literature of the period, as well as one of the first in the genre of travel writing. Lady Sarashina was a niece on her mother's side of Michitsuna's mother, author of another famous diary of the period, the Kagerō Nikki (...

Say It In Slang

Say It In Slang is an album and the 6th studio Album by Marshmallow Coast.[1]2006 studio album by Marshmallow CoastSay It In SlangStudio album by Marshmallow CoastReleasedOctober 24, 2006 (2006-10-24)Genrepop Rock Indie Rock Indie popLength42:05LabelHappy Happy Birthday To Me RecordsMarshmallow Coast chronology AntiStar (Album)(2003) Say It In Slang(2006) Phreak Phantasy(2009) Track listing All tracks are written by Andy Gonzales Except where noted.No.TitleLength1.Saili...

Bassa Sababa

2019 single by NettaBassa SababaSingle by Nettafrom the EP Goody Bag Released1 February 2019 (2019-02-01)StudioStav BegerBardoGenreDance-popEDMMizrahielectropopLength2:58LabelTedy ProductionsUnicellBMG Rights Management (US)S-CurveSongwriter(s)Netta BarzilaiStav BegerAvshalom ArielProducer(s)Stav BegerNetta singles chronology Toy (2018) Bassa Sababa (2019) Nana Banana (2019) Music videoBassa Sababa on YouTube Bassa Sababa (Hebrew transliteration: באסה סבבה) is a song re...

Dangerous Moves
Allan, Queensland
Sezione aurea
Mathias Metternich
América Futebol Clube (São José do Rio Preto)
Corfù
Midas List
كلايتون لاثام
Simo, Simo, Boyolali
Otto Brandenburg
313th Air Division
Зимние Олимпийские игры 2026
San Juan del Río (Querétaro)
Cup of Russia de 2002
Rehdener Geestmoor
Janne Puurtinen
Roti buaya
Mônaco nos Jogos Olímpicos de Inverno de 2006
Ashley HomeStore
Ісаак Сирин
Fusion! Wes Montgomery with Strings
ウエスト (飲食店)
The Lamb Lies Down on Broadway
HTC Corporation
Solo Display Team
Zwei Gefangene
Hawke's Bay United Football Club
Commission on the Filipino Language
التهاب الجنبة
Liste der Fahnenträger der malischen Mannschaften bei Olympischen Spielen
Marie d'Avaugour
Tweede Kamerverkiezingen in het kiesdistrict Bergum (1888-1897)
Raška (negara)
Peupök leumo
Testify (M People song)
Christine Lavant
Wyatt Oleff
Rouben Mamoulian
Chittagong
أنتوني منداين
Daftar katedral di Inggris
Eastmoreland Golf Course
Islam di Italia
Ishim constituency
2014 United States state legislative elections
Sepak bola di Azerbaijan
Анхель Франко Мартінес
Aleksey Ovchinin
Extreme Movie
Razumkov Centre
Kerkbuurt, Schagen
John Climacus
Love Among Thieves
アルムニAC
Kenneth City, Florida
Концептуальна модель
Dasht-e Shesh Ābeh
عبد الباري الفرنجي محلي
List of European cities by population within city limits
2023 Jordan Shield Cup
Francesco Bracci
Zakynthos
Cobra (2022 film)
Kaiji (2009 film)
Dante's Inferno (song)
Fukuoka (film)
R. M. Sahai
Lala Mehmed Pasha
El Argar
Arne Austeen
Valya Karnaval
2019 Rutgers Scarlet Knights football team
Adobe World Headquarters
Judith Durham
Perahu Madura
Thulo Pokhara
Enikő Eszenyi
Museum of Science Fiction
The Disney Gallery
Prashant Pillai
Taximeter
I. D. Dua
خوان، أمير أستورياس
Kalipait, Tegaldlimo, Banyuwangi
Hay Inclined Plane
Los cañones de Navarone
Muret
Battle of Alcácer Quibir
Ghost Pilots
Changi Air Base (East)
Alfred Hettner
Keluarga Bachchan
ناثانيل كورير
Ministry of Education (Taiwan)
Dự án bản đồ gen người
Hunter Estuary Wetlands
Higaonna Kanryō
Festival Istiqlal
越南電視台 (越南共和國)
Взаємовідносини між організмами
Alexa Gruschow
Juice=Juice
Social reality
عبد الله وليد (ممثل)
Palmera (film)
Steganography tools
Orlando nightclub shooting
The Deadline (film)
Eswatini–South Africa border
Nivedyam (2007 film)
Leonard Medal
Bupati
Encore (Eminem album)
António Bentes
أماندين ليونو
Angry Dad: The Movie
Gabrielsen Natatorium
Croton-Harmon High School
Russian conquest of the Caucasus
Herbin Hoyos
Sri Lanka aux Jeux olympiques d'été de 2020
San Justo, Buenos Aires
Asteroid Redirect Mission
Phil Foglio
Narros de Saldueña
Manuel Akanji
Lake Hamilton and Lake Catherine
Panther Books
Leicester Gataker
M55自走炮
Love in the Big City (film)
Israel Beytenou
Sullia Assembly constituency
Daring Young Man
Bob Dylan
Nordland
Central Denmark Region
خوان غويتيسولو
Ali Mustafa
Norwegian Historical Association
Valdelugueros
KIMS
1601
Alpine skiing at the 2002 Winter Olympics – Women's giant slalom
Agona Nkwanta
عريس لأختي (فيلم)
List of programmes broadcast by Ekushey Television
Music of Oklahoma
Sukarame, Bayongbong, Garut
Shenzhen Symphony Orchestra
Puente de Branko
Nickelback
Marlow, Germany
2022 in Barbados
Black film
Lingam
George Paxton (golfer)
Template talk:1955 films
Bronxville
Современное фэнтези
Golden Dragon Museum
Daeg Faerch
Mixed-orientation marriage
Ayesha Harruna Attah
Nova Lituania
Inmersión lingüística
John Pesutto
John Pulskamp
John Lewis (pianist)
Bob Beswick
Concierto para piano n.º 1 (Beethoven)
Mexique aux Jeux olympiques d'été de 1992
SAT en Espagne
Sergei Stepashin
Семантическая оптимизация запросов СУБД
Сонячне (озеро)
خير أباد (تشناران)
Bolivian river dolphin
Emília Rotter
Rijnvoetbalkampioenschap 1928/29 (West-Duitsland)
Dawn of the Dead
UKChartsPlus
Suvorov ordeni
History of the Saskatchewan Roughriders
Kelayan Dalam, Banjarmasin Selatan, Banjarmasin
1667
Century Media Records
NU'EST W的L.O.Λ.E便當
Karawang Barat, Karawang
Qorakulcha
⑦ Berryz TIMES
Alincthun
العلاقات الإيرانية البيلاروسية
Marpissa formosa
Bélesta, Pyrénées-Orientales
白天鹅宾馆
Hyland Hill (bukid sa Tinipong Bansa, New Hampshire)
ريتشارد جوز
Toni Morrison
Murtaugh
Santalla
Louis Billouart de Kerlerec
Список подружек месяца Playboy
23 (lagu)
ފެބްރުއަރީ 30
Renée Green
Sur (tribe)
Kampi i refugjatëve "Zaatari"
Dopamin
Hamiltono maršrutas
Dritter Syrischer Krieg
Carlos Monzón
Jabal Migi (bukid sa Habagatang Sudan)
Nowa Georgia (grupa wysp)
Kerr Creek (suba sa Tinipong Bansa, Texas, Gonzales County)
Ølneset
Næveråsen (bungtod sa Noruwega, Aust-Agder fylke)
Lys van regeringshoofde van Frankryk
Cripple Fight
Mto Warumbi
Anita Johansson
Kaliwungu, Kudus
In the Beginning (Angel)
Aspen Creek (suba sa Tinipong Bansa, Alaska, Matanuska-Susitna Borough)
Erica maximiliani
1992 Cricket World Cup statistics
NGC 5816
Bird Hill (bukid sa Tinipong Bansa, Missouri)
Hapoel Ashkelon FC
Altenberg (Bergisches Land)
Šimraki
Endaeus camerunicus
Свидетели «Архипелага ГУЛАГ»
La nuit du carrefour
Ribas (Bande)
Smart Fortwo
Kota Palayan
Evertmoen
Quebrada Pucará (suba nga anhianhi sa Peru, Lima, lat -11,70, long -76,82)
Eyüpspor 2022-23 sezonu
Sergio Floccari
Montegallo
Bullenhausen
Екатериновский район
Oru külakeskus