
Integrating security services with the automatic processing of e-mail content

TERENA 2001, Antalya, 14-17 May 2001. Francesco Gennai, Marina Buzzi, Istituto per le Applicazioni Telematiche, CNR - Pisa, Italy. Francesco.Gennai@iat.cnr.it, Marina.Buzzi@iat.cnr.it


Presentation Transcript


  1. Integrating security services with the automatic processing of e-mail content
     TERENA 2001, Antalya, 14-17 May 2001
     Francesco Gennai, Marina Buzzi
     Istituto per le Applicazioni Telematiche, CNR - Pisa, Italy
     Francesco.Gennai@iat.cnr.it, Marina.Buzzi@iat.cnr.it

  2. Motivation
     • The automatic processing of message content speeds up data processing and reduces human error.
     • In this context, signature verification by the e-mail client could become a system bottleneck, which justifies an automatic verification system.

  3. Objective
     • To automate the verification process of signed e-mails (electronic forms) in order to simplify the registration of Internet domains under the .IT Top Level Domain.

  4. Correct recognition of MIME parts containing protected data
     • RFC 1847 (S/MIME) specifies how to apply security services to MIME body parts (two new content types are added: Multipart/signed and Multipart/encrypted).
     • RFC 2630 describes the Cryptographic Message Syntax used to digitally sign, digest, authenticate, or encrypt messages.
     • RFC 2633 defines the application/pkcs7-signature MIME type used to transport S/MIME signed messages, and outlines requirements and recommendations for the handling of incoming messages by receiving agents.

  5. Correct application of the verification process to the extracted MIME parts
     Mechanisms for certificate retrieval and validation
     • RFC 2632 specifies basic rules to be applied by receiving agents in order to correctly verify a signed message.
     Framework for managing certificates and CRLs
     • The I-D "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" outlines the format and semantics of certificates and certificate revocation lists for the Internet PKI. Procedures are described for processing of certification paths in the Internet environment.

  6. Tools
     • MIME-compliant mail server
     • OpenSSL toolkit (libraries and application samples), which was fundamental for the implementation of the system: http://www.openssl.org/

  7. MsgVerify system overview
     [Diagram. Labels: LDAP query printer; CA Database; CRL Database; CRL Manager Process; Msg/Fax input process; FAX input process; Message input process; Verification Processes; MsgSmtp Process; Message/Fax Database; Message Status Cache.]

  8. MsgVerify system overview
     • A global identifier is assigned to each message or fax entering the system, thus maintaining the temporal sequence of the requests; this is useful in order to avoid collisions on requests for the same domain name.
     • The message is stored in the Message/Fax Database, which includes both messages and requests received via fax, stored as PostScript files.
     • At the same time, temporary information on the message status is stored in the Message Status Cache (for greater efficiency).

  9. MsgVerify system overview
     • A Message Verification process is activated in order to process the new message as well as messages already present in the Cache Database (due to temporary errors).
     • The Message Verification process interacts with the CA and CRL databases.
     • Certificates of trusted CAs are added to (or removed from) the CA Database by the system administrator.
     • CRLs are automatically downloaded by the CRL Manager Process (which uploads the local CRL Database).

  10. MsgVerify message pathway
      [Diagram. Labels: Node 1 (MX1); Node 2 (MX2); MV input process; MV MsgSmtp process; MV verification processes; numbered steps 1 to 4.]

  11. Questions
      Please send an e-mail to: Francesco.Gennai@iat.cnr.it, Marina.Buzzi@iat.cnr.it
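
The recognition step from slide 4, as an added example that is not part of the presentation or the MsgVerify code: it accepts only a well-formed multipart/signed entity whose protocol parameter matches the signature part, and returns the exact signed bytes plus the DER signature. The function and class names, the sample message and the placeholder signature are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

class NotSigned(ValueError):
    """Message is not a well-formed S/MIME multipart/signed entity."""

def split_signed(raw: bytes):
    """Return (exact signed bytes, DER signature) or raise NotSigned."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise NotSigned("top-level entity is not multipart/signed")
    protocol = str(msg.get_param("protocol") or "").lower()
    boundary = msg.get_boundary()
    parts = list(msg.iter_parts())
    # RFC 1847: exactly two parts, and the second must carry the type
    # named by the protocol parameter.
    if (protocol not in SIG_TYPES or not boundary or len(parts) != 2
            or parts[1].get_content_type() != protocol):
        raise NotSigned("protocol parameter and body parts do not match")
    # The digest covers the first part byte for byte (its MIME headers
    # included) in CRLF form, so cut it from the raw message instead of
    # re-serialising the parsed object.
    canon = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    chunks = canon.split(b"\r\n--" + boundary.encode("ascii"))
    if len(chunks) != 4 or not chunks[3].startswith(b"--"):
        raise NotSigned("unexpected boundary layout")  # fail closed
    signed = chunks[1].partition(b"\r\n")[2]  # drop rest of delimiter line
    return signed, parts[1].get_payload(decode=True)

# Constructed sample: the "signature" is a placeholder, not real PKCS#7.
PLACEHOLDER_SIG = b"constructed placeholder, not a real PKCS#7 object"
SAMPLE = (
    b"From: applicant@example.org\n"
    b"Content-Type: multipart/signed;"
    b" protocol=\"application/pkcs7-signature\";\n"
    b" micalg=sha1; boundary=\"b1\"\n"
    b"\n"
    b"--b1\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"domain: example.it\n"
    b"--b1\n"
    b"Content-Type: application/pkcs7-signature; name=smime.p7s\n"
    b"Content-Transfer-Encoding: base64\n"
    b"\n" + base64.b64encode(PLACEHOLDER_SIG) + b"\n"
    b"--b1--\n"
)

if __name__ == "__main__":
    content, sig = split_signed(SAMPLE)
    print(len(content), "signed bytes;", len(sig), "signature bytes")
```

With a real signature, the two returned values are the inputs for detached verification, for example `openssl smime -verify -inform DER -in <signature file> -content <signed bytes file> -binary -CAfile <trusted CAs>`.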
