Internet infrastructure - PowerPoint PPT Presentation

1 / 92
About This Presentation
Title:

Internet infrastructure

Description:

... 822 header fields to describe the content of a MIME entity. ... 'binary': identity encoding (= NO encoding, just stating the content as 7 bit or ... Content ... – PowerPoint PPT presentation

Number of Views:227
Avg rating:3.0/5.0
Slides: 93
Provided by: and6164
Category:

less

Transcript and Presenter's Notes

Title: Internet infrastructure


1
Internet infrastructure
  • Prof. dr. ir. André Mariën

2
Mail message formats
3
Mail message formats
  • RFC (2)822
  • MIME
  • S/MIME

4
RFC8222 structure
Rfc822 message
From x_at_y.com To i_at_j.org Cc u_at_v.net
Hello, RTFM Goodbye
5
Header body
  • Header lines separated with CR and LF
  • Empty CR-LF end of header

6
RFC 2822
  • Standard for Internet Message Format
  • Distinguished formalized header and body
  • Format ltfield namegt ltfield bodygt
  • Field names
  • "Return-Path", "Received", "Date", "From",
    "Subject", "Sender", "To", Cc, Bcc
  • "Message-ID, "References, "Keywords, "Subject

7
Characteristics
  • Messages consist of lines of text
  • No significant consideration to
  • data compression
  • transmission and storage efficiency
  • A general "memo" framework is used
  • But MIME and S/MIME address many of these
    shortcomings

8
Usage
  • Used in different message transfer protocol
    environments (822-MTSs).
  • SMTP Networks
  • STD 10, RFC 821, also known as Simple Mail
    Transfer Protocol (SMTP)
  • RFCs 1034 and 1035 Domain Name System
  • UUCP Networks (historical)
  • UNIX to UNIX CoPy protocol
  • used over dialup telephone networks
  • BITNET (historical)

9
SMTP envelop RFC822 headers
SMTP envelope RCPT TO d_at_x.com MAIL FROM
f_at_y.comp
RFC822 message
From u_at_i.com To d_at_x.com Subject all is
discovered!
Run while you can...
10
Bcc blind carbon copy
  • Rfc822 headers do not contain Bcc for other
    destinations
  • SMTP envelope contains delivery address

11
Mail groups
  • Expansion by sending agent
  • User defined groups
  • Expansion by SMTP agent
  • Corporate supported mail groups
  • Expansion by receiving agent
  • External addressable alias
  • Expansion on reception

12
MIME
  • Multipurpose Internet Mail Extensions

13
MIME Header Fields
  • a number of new RFC 822 header fields to describe
    the content of a MIME entity.
  • header fields occur in at least two contexts
  • As part of a regular RFC 822 message header.
  • In a MIME body part header within a multipart
    construct

14
New Headers
  • MIME-Version 1.0
  • Content-type
  • Content-Transfer-Encoding

15
Content Type syntax
  • lttypegt/ltsubtypegt (ltattributegtltvaluegt)
  • type discrete-type / composite-type
  • discrete-type "text" / "image" / "audio" /
    "video" / "application"
  • composite-type "message" / "multipart"
  • The subtype specification is MANDATORY
  • The type, subtype, and parameter names are not
    case sensitive

16
Content-Type parameters
  • text/plaincharset US-ASCII
  • the "charset" parameter is applicable to any
    subtype of "text"
  • multipart/mixedboundaryaaaaaa
  • the "boundary" parameter is required for any
    subtype of the "multipart" media type.

17
Content-Type
  • completely equivalent
  • Content-type text/plain charsetus-ascii (Plain
    text)
  • Content-type text/plain charsetus-ascii
  • Content-Type Defaults
  • no Content-Type plain text US-ASCII character
    set
  • Content-type text/plain charsetus-ascii

18
Encoding
19
Encoding
  • "Content-Transfer-Encoding" Header Field
  • RFC 821 (SMTP) restricts mail messages
  • to 7bit US-ASCII data
  • lines lt 1000 characters including any trailing
    CRLF line separator.
  • standard encoding mechanisms 7bit, 8bit, binary,
    quoted-printable, base64
  • provides two pieces of information
  • sort of encoding transformation
  • specifies what the domain of the result is

20
Defined encodings
  • encodings identity, the "quoted-printable"
    encoding, "base64" encoding
  • domains "binary", "8bit", "7bit".
  • "7bit", "8bit", "binary" identity encoding ( NO
    encoding, just stating the content as 7 bit or
    ...)
  • encodings "quoted-printable", "base64"
  • quoted-printable - readable encoding
  • Base64 uniform encoding

21
Example encoding
  • headers
  • Content-Type text/plain charsetISO-8859-1
  • Content-transfer-encoding base64
  • meaning
  • the body is a base64 US-ASCII encoding
  • data was originally in ISO-8859-1

22
"Quoted-Printable
  • Content-Transfer-Encoding quoted-printable
  • when
  • data that largely consists of printable
    characters (also) in US-ASCII set

23
Quoted-printable rules
  • General 8bit representation
  • c gt "" 2 two digit hexadecimal representation
  • example US-ASCII "", dec 61 gt "3D"
  • Literal representation
  • 33 lt c lt 60 62 lt c lt 126 gt corresponding
    US-ASCII characters

24
Quoted-printable rules
  • White Space
  • c 9 gt US-ASCII TAB, c 32 US-ASCII SPACE
  • Line Breaks
  • a CRLF sequence in the textgt (RFC 822) line
    break CRLF
  • Sequences like "0D", "0A", "0A0D" and
    "0D0A" may appear in data

25
Quoted-printable soft line breaks
  • Soft Line Breaks
  • lines lt 76 characters long
  • longer lines use "soft" line breaks "" as last
    character on line
  • example
  • Listen carefully, I will only say this once.
  • Listen carefully,
  • I will only
  • say this once.

26
"Base64" Content-Transfer-Encoding
  • designed to represent arbitrary sequences of
    octets in a form that need not be humanly
    readable
  • encoded about 33 percent larger than unencoded

27
Base64
  • A 65-character subset of US-ASCII is used 64
    special ("")
  • 6 bits per printable character
  • "", is used to signify a special processing
    function.
  • represented identically in all versions of
  • ISO 646, including US-ASCII
  • EBCDIC.

28
Base64 encoding process
  • 3 byte input gt 4 encoded characters (bytes)
  • 3 8bit inputs gt
  • 24 bits gt
  • 4 6bit groups gt
  • each single digit in the base64 alphabet

29
Encoding/decoding
bbbbbbbb
bbbbbbbb
bbbbbbbb
bbbbbb
bbbbbb
bbbbbb
bbbbbb
F(bbbbbb)
F(bbbbbb)
F(bbbbbb)
F(bbbbbb)
30
Encoding/decoding end
bbbbbbbb
bbbbbbbb
---
F(bbbbbb)
F(bbbbbb)
F(bbbb00)

bbbbbbbb
---
---
F(bbbbbb)
F(bb0000)


31
Base64 mapping
  • 6-bit group index into an array of 64 printable
    characters
  • 0-25 gt A-Z
  • 26-51 gt a-z
  • 52-61 gt 0-9
  • 62 gt
  • 63 gt /
  • pad

32
MIME Media Types
33
MIME Media Types
  • "text" textual information
  • subtype "plain" text containing no formatting
    commands or directives of any sort
  • Content-type text/plain charsetiso-8859-1
  • charsets
  • "US-ASCII" ANSI X3.4-1986
  • ISO-8859-X where "X" part of ISO-8859
    ISO-8859.

34
MIME Media types
  • application octet-stream, postscript, pdf
  • audio basic, mpeg
  • image jpeg, gif
  • message rfc822, news
  • model vrml
  • multipart form-data, signed, mixed, alternative
  • text plain, html, xml
  • video mpeg, quicktime

35
MIME Media Type "application"
  • some other kind of data, typically either
    uninterpreted binary data or information to be
    processed by an application
  • subtype "octet-stream" uninterpreted binary data

36
Composite top-level media types
  • multipart multiple entities of independent data
    types.
  • Multipart subtypes
  • "mixed" a generic mixed set
  • "alternative" same data in multiple formats
  • "parallel" to be viewed simultaneously
  • "digest" default type of each part is
    "message/rfc822".

37
Multipart body
  • must contain body parts
  • each one preceded by a boundary line
  • followed by a closing boundary line
  • Content-Type multipart/xxx boundary"ltsomestring
    gt"
  • The boundary delimiter line
  • CRLF--ltsomestringgtltCRLFgt
  • Final boundary delimiter line
  • CRLF--ltsomestringgt--ltCRLFgt

38
Each part in multipart
  • initial boundary delimiter line
  • header area, blank line, body area
  • RFC 822 syntax, different meaning.
  • NO header fields are actually required in body
    parts
  • relevant header fields "Content-".
  • no Content-Type, defaults
  • "multipart/digest "message/rfc822"
  • Otherwise "text/plain"

39
Preamble and epilogue
  • Problem in multipart specification two unused
    areas
  • In general not used no proper semantics
  • many implementations insert an explanatory note
    for recipients who read the message with
    MIME-challenged software

40
Example multipart message
  • Content-type multipart/mixed boundary"simple"
  • This is the preamble.
  • --simple
  • Content-type text/plain charsetus-ascii
  • message
  • --simple--
  • This is the epilogue. It is also to be ignored.

41
Multipart "message" encapsulated message
  • subtype "rfc822"
  • type "message/rfc822" body contains an
    encapsulated message, with RFC 822 syntax
  • a "message/rfc822" message could well be a News
    article or a MIME message.

42
MIME typing
  • Content handled by application
  • File recognition
  • Magic numbers
  • File extension
  • Fingerprinting content
  • Configuration
  • Application MIME type file extension(s)

43
References
  • RFC 2045 headers used to describe the structure
    of MIME messages
  • RFC 2046 general structure of the MIME media
    typing system and defines an initial set of media
    types
  • RFC 2047 to allow non-US-ASCII text data in
    header fields.
  • RFC 2049 conformance criteria examples,
    acknowledgements, bibliography.

44
S/MIME
45
S/MIME
  • Secure MIME

46
S/MIME
  • RFC 2311, 2633 S/MIME Version 23 Message
    Specification
  • S/MIME provides the following cryptographic
    security services
  • authentication
  • message integrity
  • non-repudiation of origin (using digital
    signatures)
  • privacy
  • data security (using encryption).

47
S/MIME not restricted to mail
  • can be used with any transport mechanism that
    transports MIME data
  • can be used in systems that use cryptographic
    security services that do not require (or
    support) any human intervention

48
Message security system
  • Connection security
  • Negociation phase
  • Protocols to be used
  • Keys to be used
  • Mutual authentication
  • Message security
  • Sender provides all elements

49
Message security signing
  • Actual data to be sent
  • Digest of data
  • Which digest algorithm?
  • Signature of digest
  • Which signing algorithm?

50
Message security additional info
  • Also provide response information
  • Add own certificate
  • Signing time
  • Add info on preferred
  • Public key system
  • Key encryption system
  • Symmetric key system
  • Hashing algorithm

51
PKCS standards
  • "PKCS 1 RSA Encryption"
  • "PKCS 7 Cryptographic Message Syntax"
  • "PKCS 10 Certification Request Syntax"

52
Message structure signed
  • Single PKCS7 signedData format
  • MIME type
  • application/pkcs7-mimesmime-typesigned-data
  • Composite message
  • MIME type multipart/signed
  • Part1 text/plain, application/msword, ...
  • Part2 application/pkcs7-signature

53
PKCS 7 content types
  • data
  • The data to be secured
  • signedData
  • to apply a digital signature to a message
  • to convey certificates
  • envelopedData
  • To provide confidentiality
  • Does not provide authentication

54
S/MIME provides
  • one format for enveloped-only data
  • several formats for signed-only data
  • several formats for signed and enveloped data

55
Preparing the MIME Entity
  • Needed for both Signing or Enveloping
  • S/MIME secures MIME entities
  • A MIME entity
  • sub-part(s) of a message
  • whole message with all its sub-parts.
  • whole message does not include the RFC-822
    headers (why not?)

56
Transfer Encoding
  • transfer encoding for all MIME entities
  • primary reason for the 7-bit requirement
    Internet mail transport infrastructure cannot
  • guarantee transport of 8-bit or binary data

57
application/pkcs7-mime
  • MIME type used to carry PKCS 7 objects
    envelopedData, signedData
  • general characteristics
  • always carries a single PKCS 7 object.
  • must always be BER encoding of the ASN.1 syntax
    describing the object

58
S/Mime type
  • The application/pkcs7-mime content type defines
    the optional "smime-type" parameter.
  • The intent of this parameter to convey details
    about the security applied (signed or enveloped)
    along with information about the contained
    content.
  • S/mime-types
  • enveloped-data EnvelopedData
  • signed-data SignedData
  • certs-only SignedData

59
Creating an Enveloped-only Message
  • the format for enveloping a MIME entity without
    signing it.
  • The MIME entity to be enveloped is prepared
  • The MIME entity and other required data is
    processed into a PKCS 7 object of type
    envelopedData.
  • The PKCS 7 object is inserted into an
    application/pkcs7-mime MIME entity.

60
Format for Signed-only Messages
  • Choice
  • multipart/signed format can always be viewed by
    the receiver whether they have S/MIME software or
    not
  • signedData format cannot be viewed by a
    recipient unless they have S/MIME facilities

61
multipart/signed parameters
  • two required parameters
  • the protocol parameter
  • "application/pkcs7-signature"
  • the micalg (message integrity check algorithm)
    parameter
  • md5, sha1, unknown

62
BOTH Signing and Encrypting
  • signing and enveloping signed-only -
    encrypted-only
  • may be nested
  • options
  • sign a message first
  • to envelope the message first.
  • It is up to the implementer and the user to
    choose.

63
Choice of order
  • Signing first
  • the signatories are then securely obscured by the
    enveloping.
  • Enveloping first
  • the signatories are exposed
  • It is possible to verify signatures without
    removing the enveloping

64
Certificate Processing
  • A receiving agent MUST provide some certificate
    retrieval mechanism in order to gain access to
    certificates for recipients of digital envelopes.
  • Example LDAP look-up
  • Receiving and sending agents SHOULD also provide
    a mechanism to allow a user to "store and
    protect" certificates for correspondents in such
    a way so as to guarantee their later retrieval.
  • Example certificate stores (why protect?)

65
References
  • RFC 1321 The MD5 Message Digest Algorithm"
  • RFC 2045 MIME Part 1 Format of Internet Message
    Bodies
  • RFC 2046 MIME Part 2 Media Types
  • RFC 1847 Security Multiparts for MIME
    Multipart/Signed and Multipart/Encrypted
  • RFC 2313 PKCS 1 RSA Encryption Version 1.5

66
References
  • RFC 2315 PKCS 7 Cryptographic Message Syntax
    Version 1.5
  • RFC 2314 PKCS 10 Certification Request Syntax
    Version 1.5

67
IMAP4
68
IMAP4
  • Internet Message Access Protocol version 4
  • Extensive, comprehensive protocol for post office
    access
  • Richer but more complicated than POP
  • RFC 2060

69
Connection oriented
  • TCP/IP connection
  • server port number 143
  • reply OK or NO or BAD or BYE
  • Reply
  • tagged (tag of request)
  • untagged
  • request/reply, but also unsolicited
  • Asynchronous operation possible

70
Tags in the reply
  • Request ID
  • Response to a request, the request ID is repeated
    in the reply
  • untagged server message
  • Not a reply for instance quota notifications
  • continuation required (for instance
    authentication)

71
Tag usage
  • gt Request0007 command
  • lt ...
  • lt ...
  • lt Request007 OK command completed

72
Message attributes
  • Numbers
  • Unique ID
  • Sequential ID
  • Flags
  • IMAP server reception timestamp
  • RFC822 size
  • RFC822 Envelope structure
  • Body structure (MIME)

73
Message flags system
  • \seen Message has been read
  • \answered Message has been answered
  • \flagged Message is flagged
  • \deleted Message is marked to-be-deleted
  • \draft message partially composed
  • \recent new message notification flag

74
IMAP operation
  • Commands depend on state
  • State transition diagram
  • Basic flow
  • Initial
  • Not authenticated
  • Authenticated
  • Selected
  • End

75
State diagram (from RFC 2060)
Initial connection and server greeting
1
2
3
Non-authenticated
4
7
Authenticated
6
5
7
Selected
7
Logout and close connection
76
Commands any state
  • CAPABILITY which authentication mechanisms?
  • NOOP
  • polling command to trigger unsolicited (!) status
    info
  • Session keep-alive (against time-out)
  • LOGOUT end session

77
Commandsnon-authenticated state
  • AUTHENTICATE authentication mechanism
  • LOGIN user name password

78
Example from RFC222 AUTHENTICATE
  • S OK IMAP4 Server
  • C A001 AUTHENTICATE SKEY
  • S
  • C bW9yZ2Fu
  • S OTUgUWE1ODMwOA
  • C Rk9VUiBNQU5OIFNPT04...TUFTSA
  • S A001 OK S/Key authentication successful

79
Commands authenticated managing mailboxes
  • CREATE mailbox name
  • DELETE mailbox name
  • RENAME existing mailbox name new mailbox name

80
Commands authenticated state browsing
  • LIST reference name wildcard mailbox name
  • Browsing metainfo (hierarchy separator)
  • STATUS mailbox name ( status data item names
    )
  • Number of messages

81
Commands authenticated selecting current mailbox
  • SELECT mailbox name
  • open read/write
  • Responses untagged
  • FLAGS (...)
  • ltngt EXISTS
  • ltngt RECENT
  • OK UNSEEN 134
  • EXAMINE mailbox name
  • open read-only, rest see SELECT

82
Commands selected state
  • CLOSE
  • Remove (silently) all messages marked for
    deletion
  • EXPUNGE
  • Remove (silently) all messages marked for
    deletion unmarked responses
  • ltmsg numbergt EXPUNGE
  • ...

83
FETCH command
  • Fetch ltmessage setgt ltdata item namesgt
  • Message set
  • ltnrgt
  • (highest number)
  • ltstartgtltendgt
  • ltnrgt,ltsetgt
  • Examples
  • 7
  • 5100
  • 7,5100,120,130

84
FETCH Data item names
  • BODY ltsectiongtltselectiongt
  • ltsectiongt RFC822 decomposition
  • ltselectiongt ltltfrombytegt.ltnrbytesgtgt
  • Example, first 100 bytes lt0.100gt

85
Fetch command BODY BODY.PEEK
  • BODYHEADER
  • BODYTEXT
  • BODYHEADER.FIELDS (field-name field-name)
  • BODYHEADER.FIELDS (DATE FROM)

86
FETCH command RFC822 decomposition
  • Top-level HEADER TEXT
  • MIME multipart/
  • 1.HEADER 1.TEXT 1.MIME
  • 2.HEADER 2.TEXT 2.MIME
  • ...

87
FETCH other elements
  • BODYSTRUCTURE
  • FLAGS
  • ENVELOPE
  • UID
  • INTERNALDATE

88
FETCH command example
  • X007 FETCH 28 (FLAGS BODYHEADER.FIELDS (DATE
    FROM) BODYTEXTlt0.100gt)
  • 2 FETCH ...
  • ...
  • 8 FETCH ...
  • X007 OK Fetch completed

89
SEARCH command
  • Conditions examples
  • ltSelect by numbergt ALL
  • To ltstringgt BCC ltstringgt Cc ltstringgt
  • BODY ltstringgt SUBJECT ltstringgt
  • Before ltdategt sentbefore ltdategt sentsince
    ltdategt senton ltdategt
  • Answered Deleted ...
  • Unanswered Undeleted ...
  • Smaller ltsizegt

90
Search reply
  • X007 search From student unanswered
  • search 5 8 12 45 77 123 453
  • X007 OK search completed

91
IMAP URLs
  • URL type IMAP
  • imap//imaphost?imap command

92
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com