Internet infrastructure

1
Internet infrastructure

• Prof. dr. ir. André Mariën

2
Mail message formats
3
Mail message formats

• RFC (2)822
• MIME
• S/MIME

4
RFC8222 structure
Rfc822 message
From x_at_y.com To i_at_j.org Cc u_at_v.net
Hello, RTFM Goodbye
5
Header body

• Header lines separated with CR and LF
• Empty CR-LF end of header

6
RFC 2822

• Standard for Internet Message Format
• Distinguished formalized header and body
• Format ltfield namegt ltfield bodygt
• Field names
• "Return-Path", "Received", "Date", "From",
  "Subject", "Sender", "To", Cc, Bcc
• "Message-ID, "References, "Keywords, "Subject

7
Characteristics

• Messages consist of lines of text
• No significant consideration to
• data compression
• transmission and storage efficiency
• A general "memo" framework is used
• But MIME and S/MIME address many of these
  shortcomings

8
Usage

• Used in different message transfer protocol
  environments (822-MTSs).
• SMTP Networks
• STD 10, RFC 821, also known as Simple Mail
  Transfer Protocol (SMTP)
• RFCs 1034 and 1035 Domain Name System
• UUCP Networks (historical)
• UNIX to UNIX CoPy protocol
• used over dialup telephone networks
• BITNET (historical)

9
SMTP envelop RFC822 headers
SMTP envelope RCPT TO d_at_x.com MAIL FROM
f_at_y.comp
RFC822 message
From u_at_i.com To d_at_x.com Subject all is
discovered!
Run while you can...
10
Bcc blind carbon copy

• Rfc822 headers do not contain Bcc for other
  destinations
• SMTP envelope contains delivery address

11
Mail groups

• Expansion by sending agent
• User defined groups
• Expansion by SMTP agent
• Corporate supported mail groups
• Expansion by receiving agent
• External addressable alias
• Expansion on reception

12
MIME

• Multipurpose Internet Mail Extensions

13
MIME Header Fields

• a number of new RFC 822 header fields to describe
  the content of a MIME entity.
• header fields occur in at least two contexts
• As part of a regular RFC 822 message header.
• In a MIME body part header within a multipart
  construct

14
New Headers

• MIME-Version 1.0
• Content-type
• Content-Transfer-Encoding

15
Content Type syntax

• lttypegt/ltsubtypegt (ltattributegtltvaluegt)
• type discrete-type / composite-type
• discrete-type "text" / "image" / "audio" /
  "video" / "application"
• composite-type "message" / "multipart"
• The subtype specification is MANDATORY
• The type, subtype, and parameter names are not
  case sensitive

16
Content-Type parameters

• text/plaincharset US-ASCII
• the "charset" parameter is applicable to any
  subtype of "text"
• multipart/mixedboundaryaaaaaa
• the "boundary" parameter is required for any
  subtype of the "multipart" media type.

17
Content-Type

• completely equivalent
• Content-type text/plain charsetus-ascii (Plain
  text)
• Content-type text/plain charsetus-ascii
• Content-Type Defaults
• no Content-Type plain text US-ASCII character
  set
• Content-type text/plain charsetus-ascii

18
Encoding
19
Encoding

• "Content-Transfer-Encoding" Header Field
• RFC 821 (SMTP) restricts mail messages
• to 7bit US-ASCII data
• lines lt 1000 characters including any trailing
  CRLF line separator.
• standard encoding mechanisms 7bit, 8bit, binary,
  quoted-printable, base64
• provides two pieces of information
• sort of encoding transformation
• specifies what the domain of the result is

20
Defined encodings

• encodings identity, the "quoted-printable"
  encoding, "base64" encoding
• domains "binary", "8bit", "7bit".
• "7bit", "8bit", "binary" identity encoding ( NO
  encoding, just stating the content as 7 bit or
  ...)
• encodings "quoted-printable", "base64"
• quoted-printable - readable encoding
• Base64 uniform encoding

21
Example encoding

• headers
• Content-Type text/plain charsetISO-8859-1
• Content-transfer-encoding base64
• meaning
• the body is a base64 US-ASCII encoding
• data was originally in ISO-8859-1

22
"Quoted-Printable

• Content-Transfer-Encoding quoted-printable
• when
• data that largely consists of printable
  characters (also) in US-ASCII set

23
Quoted-printable rules

• General 8bit representation
• c gt "" 2 two digit hexadecimal representation
• example US-ASCII "", dec 61 gt "3D"
• Literal representation
• 33 lt c lt 60 62 lt c lt 126 gt corresponding
  US-ASCII characters

24
Quoted-printable rules

• White Space
• c 9 gt US-ASCII TAB, c 32 US-ASCII SPACE
• Line Breaks
• a CRLF sequence in the textgt (RFC 822) line
  break CRLF
• Sequences like "0D", "0A", "0A0D" and
  "0D0A" may appear in data

25
Quoted-printable soft line breaks

• Soft Line Breaks
• lines lt 76 characters long
• longer lines use "soft" line breaks "" as last
  character on line
• example
• Listen carefully, I will only say this once.
• Listen carefully,
• I will only
• say this once.

26
"Base64" Content-Transfer-Encoding

• designed to represent arbitrary sequences of
  octets in a form that need not be humanly
  readable
• encoded about 33 percent larger than unencoded

27
Base64

• A 65-character subset of US-ASCII is used 64
  special ("")
• 6 bits per printable character
• "", is used to signify a special processing
  function.
• represented identically in all versions of
• ISO 646, including US-ASCII
• EBCDIC.

28
Base64 encoding process

• 3 byte input gt 4 encoded characters (bytes)
• 3 8bit inputs gt
• 24 bits gt
• 4 6bit groups gt
• each single digit in the base64 alphabet

29
Encoding/decoding
bbbbbbbb
bbbbbbbb
bbbbbbbb
bbbbbb
bbbbbb
bbbbbb
bbbbbb
F(bbbbbb)
F(bbbbbb)
F(bbbbbb)
F(bbbbbb)
30
Encoding/decoding end
bbbbbbbb
bbbbbbbb
---
F(bbbbbb)
F(bbbbbb)
F(bbbb00)

bbbbbbbb
---
---
F(bbbbbb)
F(bb0000)


31
Base64 mapping

• 6-bit group index into an array of 64 printable
  characters
• 0-25 gt A-Z
• 26-51 gt a-z
• 52-61 gt 0-9
• 62 gt
• 63 gt /
• pad

32
MIME Media Types
33
MIME Media Types

• "text" textual information
• subtype "plain" text containing no formatting
  commands or directives of any sort
• Content-type text/plain charsetiso-8859-1
• charsets
• "US-ASCII" ANSI X3.4-1986
• ISO-8859-X where "X" part of ISO-8859
  ISO-8859.

34
MIME Media types

• application octet-stream, postscript, pdf
• audio basic, mpeg
• image jpeg, gif
• message rfc822, news
• model vrml
• multipart form-data, signed, mixed, alternative
• text plain, html, xml
• video mpeg, quicktime

35
MIME Media Type "application"

• some other kind of data, typically either
  uninterpreted binary data or information to be
  processed by an application
• subtype "octet-stream" uninterpreted binary data

36
Composite top-level media types

• multipart multiple entities of independent data
  types.
• Multipart subtypes
• "mixed" a generic mixed set
• "alternative" same data in multiple formats
• "parallel" to be viewed simultaneously
• "digest" default type of each part is
  "message/rfc822".

37
Multipart body

• must contain body parts
• each one preceded by a boundary line
• followed by a closing boundary line
• Content-Type multipart/xxx boundary"ltsomestring
  gt"
• The boundary delimiter line
• CRLF--ltsomestringgtltCRLFgt
• Final boundary delimiter line
• CRLF--ltsomestringgt--ltCRLFgt

38
Each part in multipart

• initial boundary delimiter line
• header area, blank line, body area
• RFC 822 syntax, different meaning.
• NO header fields are actually required in body
  parts
• relevant header fields "Content-".
• no Content-Type, defaults
• "multipart/digest "message/rfc822"
• Otherwise "text/plain"

39
Preamble and epilogue

• Problem in multipart specification two unused
  areas
• In general not used no proper semantics
• many implementations insert an explanatory note
  for recipients who read the message with
  MIME-challenged software

40
Example multipart message

• Content-type multipart/mixed boundary"simple"
• This is the preamble.
• --simple
• Content-type text/plain charsetus-ascii
• message
• --simple--
• This is the epilogue. It is also to be ignored.

41
Multipart "message" encapsulated message

• subtype "rfc822"
• type "message/rfc822" body contains an
  encapsulated message, with RFC 822 syntax
• a "message/rfc822" message could well be a News
  article or a MIME message.

42
MIME typing

• Content handled by application
• File recognition
• Magic numbers
• File extension
• Fingerprinting content
• Configuration
• Application MIME type file extension(s)

43
References

• RFC 2045 headers used to describe the structure
  of MIME messages
• RFC 2046 general structure of the MIME media
  typing system and defines an initial set of media
  types
• RFC 2047 to allow non-US-ASCII text data in
  header fields.
• RFC 2049 conformance criteria examples,
  acknowledgements, bibliography.

44
S/MIME
45
S/MIME

• Secure MIME

46
S/MIME

• RFC 2311, 2633 S/MIME Version 23 Message
  Specification
• S/MIME provides the following cryptographic
  security services
• authentication
• message integrity
• non-repudiation of origin (using digital
  signatures)
• privacy
• data security (using encryption).

47
S/MIME not restricted to mail

• can be used with any transport mechanism that
  transports MIME data
• can be used in systems that use cryptographic
  security services that do not require (or
  support) any human intervention

48
Message security system

• Connection security
• Negociation phase
• Protocols to be used
• Keys to be used
• Mutual authentication
• Message security
• Sender provides all elements

49
Message security signing

• Actual data to be sent
• Digest of data
• Which digest algorithm?
• Signature of digest
• Which signing algorithm?

50
Message security additional info

• Also provide response information
• Add own certificate
• Signing time
• Add info on preferred
• Public key system
• Key encryption system
• Symmetric key system
• Hashing algorithm

51
PKCS standards

• "PKCS 1 RSA Encryption"
• "PKCS 7 Cryptographic Message Syntax"
• "PKCS 10 Certification Request Syntax"

52
Message structure signed

• Single PKCS7 signedData format
• MIME type
• application/pkcs7-mimesmime-typesigned-data
• Composite message
• MIME type multipart/signed
• Part1 text/plain, application/msword, ...
• Part2 application/pkcs7-signature

53
PKCS 7 content types

• data
• The data to be secured
• signedData
• to apply a digital signature to a message
• to convey certificates
• envelopedData
• To provide confidentiality
• Does not provide authentication

54
S/MIME provides

• one format for enveloped-only data
• several formats for signed-only data
• several formats for signed and enveloped data

55
Preparing the MIME Entity

• Needed for both Signing or Enveloping
• S/MIME secures MIME entities
• A MIME entity
• sub-part(s) of a message
• whole message with all its sub-parts.
• whole message does not include the RFC-822
  headers (why not?)

56
Transfer Encoding

• transfer encoding for all MIME entities
• primary reason for the 7-bit requirement
  Internet mail transport infrastructure cannot
• guarantee transport of 8-bit or binary data

57
application/pkcs7-mime

• MIME type used to carry PKCS 7 objects
  envelopedData, signedData
• general characteristics
• always carries a single PKCS 7 object.
• must always be BER encoding of the ASN.1 syntax
  describing the object

58
S/Mime type

• The application/pkcs7-mime content type defines
  the optional "smime-type" parameter.
• The intent of this parameter to convey details
  about the security applied (signed or enveloped)
  along with information about the contained
  content.
• S/mime-types
• enveloped-data EnvelopedData
• signed-data SignedData
• certs-only SignedData

59
Creating an Enveloped-only Message

• the format for enveloping a MIME entity without
  signing it.
• The MIME entity to be enveloped is prepared
• The MIME entity and other required data is
  processed into a PKCS 7 object of type
  envelopedData.
• The PKCS 7 object is inserted into an
  application/pkcs7-mime MIME entity.

60
Format for Signed-only Messages

• Choice
• multipart/signed format can always be viewed by
  the receiver whether they have S/MIME software or
  not
• signedData format cannot be viewed by a
  recipient unless they have S/MIME facilities

61
multipart/signed parameters

• two required parameters
• the protocol parameter
• "application/pkcs7-signature"
• the micalg (message integrity check algorithm)
  parameter
• md5, sha1, unknown

62
BOTH Signing and Encrypting

• signing and enveloping signed-only -
  encrypted-only
• may be nested
• options
• sign a message first
• to envelope the message first.
• It is up to the implementer and the user to
  choose.

63
Choice of order

• Signing first
• the signatories are then securely obscured by the
  enveloping.
• Enveloping first
• the signatories are exposed
• It is possible to verify signatures without
  removing the enveloping

64
Certificate Processing

• A receiving agent MUST provide some certificate
  retrieval mechanism in order to gain access to
  certificates for recipients of digital envelopes.
• Example LDAP look-up
• Receiving and sending agents SHOULD also provide
  a mechanism to allow a user to "store and
  protect" certificates for correspondents in such
  a way so as to guarantee their later retrieval.
• Example certificate stores (why protect?)

65
References

• RFC 1321 The MD5 Message Digest Algorithm"
• RFC 2045 MIME Part 1 Format of Internet Message
  Bodies
• RFC 2046 MIME Part 2 Media Types
• RFC 1847 Security Multiparts for MIME
  Multipart/Signed and Multipart/Encrypted
• RFC 2313 PKCS 1 RSA Encryption Version 1.5

66
References

• RFC 2315 PKCS 7 Cryptographic Message Syntax
  Version 1.5
• RFC 2314 PKCS 10 Certification Request Syntax
  Version 1.5

67
IMAP4
68
IMAP4

• Internet Message Access Protocol version 4
• Extensive, comprehensive protocol for post office
  access
• Richer but more complicated than POP
• RFC 2060

69
Connection oriented

• TCP/IP connection
• server port number 143
• reply OK or NO or BAD or BYE
• Reply
• tagged (tag of request)
• untagged
• request/reply, but also unsolicited
• Asynchronous operation possible

70
Tags in the reply

• Request ID
• Response to a request, the request ID is repeated
  in the reply
• untagged server message
• Not a reply for instance quota notifications
• continuation required (for instance
  authentication)

71
Tag usage

• gt Request0007 command
• lt ...
• lt ...
• lt Request007 OK command completed

72
Message attributes

• Numbers
• Unique ID
• Sequential ID
• Flags
• IMAP server reception timestamp
• RFC822 size
• RFC822 Envelope structure
• Body structure (MIME)

73
Message flags system

• \seen Message has been read
• \answered Message has been answered
• \flagged Message is flagged
• \deleted Message is marked to-be-deleted
• \draft message partially composed
• \recent new message notification flag

74
IMAP operation

• Commands depend on state
• State transition diagram
• Basic flow
• Initial
• Not authenticated
• Authenticated
• Selected
• End

75
State diagram (from RFC 2060)
Initial connection and server greeting
1
2
3
Non-authenticated
4
7
Authenticated
6
5
7
Selected
7
Logout and close connection
76
Commands any state

• CAPABILITY which authentication mechanisms?
• NOOP
• polling command to trigger unsolicited (!) status
  info
• Session keep-alive (against time-out)
• LOGOUT end session

77
Commandsnon-authenticated state

• AUTHENTICATE authentication mechanism
• LOGIN user name password

78
Example from RFC222 AUTHENTICATE

• S OK IMAP4 Server
• C A001 AUTHENTICATE SKEY
• S
• C bW9yZ2Fu
• S OTUgUWE1ODMwOA
• C Rk9VUiBNQU5OIFNPT04...TUFTSA
• S A001 OK S/Key authentication successful

79
Commands authenticated managing mailboxes

• CREATE mailbox name
• DELETE mailbox name
• RENAME existing mailbox name new mailbox name

80
Commands authenticated state browsing

• LIST reference name wildcard mailbox name
• Browsing metainfo (hierarchy separator)
• STATUS mailbox name ( status data item names
  )
• Number of messages

81
Commands authenticated selecting current mailbox

• SELECT mailbox name
• open read/write
• Responses untagged
• FLAGS (...)
• ltngt EXISTS
• ltngt RECENT
• OK UNSEEN 134
• EXAMINE mailbox name
• open read-only, rest see SELECT

82
Commands selected state

• CLOSE
• Remove (silently) all messages marked for
  deletion
• EXPUNGE
• Remove (silently) all messages marked for
  deletion unmarked responses
• ltmsg numbergt EXPUNGE
• ...

83
FETCH command

• Fetch ltmessage setgt ltdata item namesgt
• Message set
• ltnrgt
• (highest number)
• ltstartgtltendgt
• ltnrgt,ltsetgt
• Examples
• 7
• 5100
• 7,5100,120,130

84
FETCH Data item names

• BODY ltsectiongtltselectiongt
• ltsectiongt RFC822 decomposition
• ltselectiongt ltltfrombytegt.ltnrbytesgtgt
• Example, first 100 bytes lt0.100gt

85
Fetch command BODY BODY.PEEK

• BODYHEADER
• BODYTEXT
• BODYHEADER.FIELDS (field-name field-name)
• BODYHEADER.FIELDS (DATE FROM)

86
FETCH command RFC822 decomposition

• Top-level HEADER TEXT
• MIME multipart/
• 1.HEADER 1.TEXT 1.MIME
• 2.HEADER 2.TEXT 2.MIME
• ...

87
FETCH other elements

• BODYSTRUCTURE
• FLAGS
• ENVELOPE
• UID
• INTERNALDATE

88
FETCH command example

• X007 FETCH 28 (FLAGS BODYHEADER.FIELDS (DATE
  FROM) BODYTEXTlt0.100gt)
• 2 FETCH ...
• ...
• 8 FETCH ...
• X007 OK Fetch completed

89
SEARCH command

• Conditions examples
• ltSelect by numbergt ALL
• To ltstringgt BCC ltstringgt Cc ltstringgt
• BODY ltstringgt SUBJECT ltstringgt
• Before ltdategt sentbefore ltdategt sentsince
  ltdategt senton ltdategt
• Answered Deleted ...
• Unanswered Undeleted ...
• Smaller ltsizegt

90
Search reply

• X007 search From student unanswered
• search 5 8 12 45 77 123 453
• X007 OK search completed

91
IMAP URLs

• URL type IMAP
• imap//imaphost?imap command

92
(No Transcript)