S/MIME (Secure Multipurpose Internet Mail Extension)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

S/MIME is an extension of the popular MIME (Multipurpose Internet Mail Extension) electronic mail standard that adds security to protect against interception and e-mail forgery. Because S/MIME is an extension of MIME, it easily integrates with existing electronic messaging products. The demand for e-mail security is growing, along with a demand to validate the authenticity of messages. It is too easy for someone to post a message in a public forum that appears to be from someone else. E-mail security lets users electronically sign messages to prove their origin. Basically, S/MIME is designed to secure messages from prying eyes.

RSA Data Systems promotes S/MIME and VeriSign has set up a certificate hierarchy that supports S/MIME. The Web sites for these companies are listed on the related entries page.

Securing electronic mail has been problematic. Ease of use is one of the problems; too many security schemes is another. Two early attempts to standardize secure e-mail failed: PEM (Privacy Enhanced Mail) and MOSS (MIME Object Security Services). In the meantime, PGP (Pretty Good Privacy) has become a de facto standard and is now being developed as a standard by the IETF.

S/MIME version 2 is defined in RFC 2311 (S/MIME Version 2 Message Specification, March 1998) and RFC 2312 (S/MIME Version 2 Certificate Handling, March 1998). S/MIME v2 was considered as an IETF standard, but was rejected because the IETF felt that it was encumbered by patents held by RSA Data Security. In addition, S/MIME v2 used weak 40-bit key cryptography.

The IETF standardized S/MIME version 3 in 1999. This version is defined in RFC 2632 (S/MIME Version 3 Certificate Handling, June 1999), RFC 2633 (S/MIME Version 3 Message Specification, June 1999), and RFC 2634 (Enhanced Security Services for S/MIME, June 1999).

S/MIME v3 provides authentication, message integrity and nonrepudiation of origin (via digital signatures), and privacy and data security (via encryption). S/MIME is normally used to secure outgoing mail and interpret incoming secure mail. It may also be used to secure data across HTTP links. S/MIME v3 cryptographically enhances MIME body parts according to CMS (Cryptographic Message Syntax), which is described in RFC 2630 (Cryptographic Message Syntax, June 1999). CMS describes an encapsulation syntax for data protection. Refer to the RFC for more information. Also see "Cryptography," "Public-Key Cryptography" and "X.509 Certificates."
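The signed and encrypted forms described above are distinguishable on the wire by their MIME headers, which is what a mail gateway or triage script checks first. The following is an added example, not part of the original entry: the media types and the `smime-type` parameter come from the S/MIME message specification (RFC 2633) rather than from this page, and the sample messages and the labels the function returns are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Current media types plus the legacy "x-" forms older mail agents emit.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SMIME_TYPE_LABELS = {"enveloped-data": "encrypted",
                     "signed-data": "opaque-signed",
                     "certs-only": "certs-only"}

def _param(msg, name):
    """Content-Type parameter as a lower-cased string ('' when absent)."""
    return collapse_rfc2231_value(msg.get_param(name, "")).lower()

def classify_smime(raw: str) -> str:
    """Label the S/MIME protection on the top-level MIME entity of `raw`."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        if _param(msg, "protocol") not in SIG_TYPES:
            return "none"  # e.g. PGP/MIME, which uses application/pgp-signature
        parts = msg.get_payload()
        # Must be exactly two parts: the content, then the detached signature.
        if (not isinstance(parts, list) or len(parts) != 2
                or parts[1].get_content_type() not in SIG_TYPES):
            return "malformed"
        return "clear-signed"
    if ctype in CMS_TYPES:
        # The CMS blob is opaque here; the smime-type parameter is only a hint.
        return SMIME_TYPE_LABELS.get(_param(msg, "smime-type"), "pkcs7-unknown")
    return "none"

# Constructed sample messages; "AAAA" stands in for the base64 CMS object.
CLEAR_SIGNED = (
    'Content-Type: multipart/signed; micalg=sha1; boundary="b1";\n'
    ' protocol="application/pkcs7-signature"\n\n'
    "--b1\nContent-Type: text/plain\n\nQuarterly figures attached.\n"
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n")
STRIPPED_SIGNATURE = CLEAR_SIGNED.replace(
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n", "")
ENCRYPTED = ("Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n"
             " name=smime.p7m\nContent-Transfer-Encoding: base64\n\nAAAA\n")

if __name__ == "__main__":
    for name in ("CLEAR_SIGNED", "STRIPPED_SIGNATURE", "ENCRYPTED"):
        print(name, "->", classify_smime(globals()[name]))
```

A "clear-signed" or "encrypted" label only describes the headers; authentication and integrity still depend on verifying the CMS signature against the sender's X.509 certificate.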

An alternative encryption scheme is PGP, or Pretty Good Privacy, which has been used as a digital encryption and digital signature utility since 1991. The IETF working group called An Open Specification for Pretty Good Privacy (openpgp) is working to define Open-PGP standards. Open-PGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.