S/MIME (Secure MIME)
Steven J. Greenwald, Independent Information Security Consultant
A Brief History of MIME
S/MIME Objectives and Threat Environment
Authentication
Message Integrity
Nonrepudiation
Message Privacy
S/MIME Usage
S/MIME Mechanisms
Cryptographic Message Syntax Support
Backward Compatibility
Diffie–Hellman Key Exchange
X.509 Certificates
Multiple Recipients
Creation and Interpretation of S/MIME Messages
Filename Extensions
Enveloped-Only Messages
Signed-Only Messages
Signing and Encrypting
Certificates-Only Message
Enhanced Security Services for S/MIME (RFC 2634)
Triple Wrapping
Signed Receipts
Security Labels
Secure Mailing Lists
Signing Certificates
Security Issues With the Enhancements
Alternatives to S/MIME
Conclusions
Glossary
Cross References
References
S/MIME (secure multipurpose Internet mail extensions) is a versatile standard designed to increase Internet e-mail security by providing authentication, message integrity, message origin nonrepudiation, and confidentiality. S/MIME is widely available because it is implemented in most modern e-mail user applications. Now in its third version, it can be considered fairly mature. S/MIME usually relies on X.509 certificates for key exchange. It assumes a threat environment in which adversaries can read and modify e-mail in transit and senders may wish to repudiate their messages. There are also some optional enhanced security services for S/MIME that provide signed receipts, security labels that can be used for MLS, ...