Author: Bill Heelan
$Date: 2000/07/20 23:37:55 $
$Revision: 1.1 $
This document describes the format (and some of the processing) used by the new mail system, Cacophonix.
We assume that the mail system shares a secret key with each nym (see ../../frmailauth/doc/nym-mac-key.html). This secret is generated with the nyms authentication certificate (see ../../frmailauth/doc/mail-cert.html). It's used for authentication purposes (i.e. a MAC key).
Following RFC 822, a mail header consists of two parts: the field-name, and the field-body. For example, in
X-Freedom-Sender: bob@freedom.net
X-Freedom-Sender
is the field-name, and
bob@freedom.net
is the field-body.
Assume the user's mail user agent (MUA) produces a message like the following
From:
Nsnd
To:
Nrcvt,
Ircvt
Cc:
Nrcvc,
Ircvc
Bcc:
Nrcvb,
Ircvb
text
where N represents a nym, and I is a non-Freedom (Internet) user. So Nrcvc would be the nym recipient from the Cc header. Call this Morig, the original message, which includes both the RFC 822 headers and the text.
This section describes the format of the message created by the SMTP proxy and the FMG, as well as some of the processing steps. The FMG acts as a proxy client for non-Freedom users.
These steps are followed by both the SMTP proxy and the FMG, with only minor differences.
X-Freedom-
* headers. The client also will
remove any other headers that might identify the actual sender. Call
the resulting sanitized message, Msan. A more detailed
explanation of header sanitizing can be found
elsewhere (http://add-link-when-available).
To
,
From
or Bcc
header becomes the sole
member of its own class
Bcc
header becomes the
sole member of its own class
To
and Cc
headers become members of the same class
Bcc
recipients
must not be aware of Bcc
recipients.
This section describes the format of the message destined to a nym, either from a non-Freedom user (via the FMG), or from another nym. It is assumed that the Common Steps, listed above, have been followed by the client or FMG, and that we now have a copy of Msan.
sender [ + internet email address ]From Internet to Nym, the sender field will be the FMG and there will be an internet email address field based on the message envelope sender (which will be used for the blocking list). From Nym to Nym, the client should ensure that the sender field is the sending nym's name. Since the mail is destined to a nym, there can be only one recipient. The flag field indicates whether the message is authenticated with a MAC (value is 0) or a signature (value is 1). When a nym sends mail to another nym it will use a signature, while the FMG will generate a MAC using the secret shared with the nym. (In the case of the FMG sending mail to a nym, we take advantage of the shared secret to avoid doing a public key operation.)
recipient
hash(Msan)
flag
{SNsnd | MACNsnd}(hash(sender, recipient, hash(Msan)))
where B isX-Freedom-Message-Auth:
base64(Hmsg)
base64(Msan)
base64(B)
If the message cannot be delivered, a bounce section will be base-64 decoded and put in the sending nym's mailbox, and the rest of the message will be thrown away. If the message can be delivered, the bounce section will be removed.X-Freedom-Message-Auth:
base64(Hbounce)
base64(Mbounce)
This section describes the procedure used by the client to generate mail for a non-Freedom user, including a newsgroup. It is assumed that the Common Steps, listed above, have been followed, and that we now have a copy of Msan.
X-Freedom-Recipients
header containing only the
envelope recipients, then add it to the headers in Msan.
The field-body will be a standard, comma separated list of email
addresses.
X-Freedom-Sender
header containing only the
envelope sender, which should be the nym name, then add it to the
headers in Msan. The field-body will have the form
nym-name@freedom.net (or nym-name@trial.freedom.net,
as appropriate).
X-Freedom-Envelope-Sig
header containing a
base-64 encoded signature over the field-bodies of the above two
headers. Add this header to Msan. This signature allows
the abuse department to validate headers.
The intention is to handle news posting via qmail. The process will be similar to sending mail to an Internet user, with the exception that the envelope header will have one or more of
group-name@news.freedom.netQmail will interpret a domain of news.freedom.net as a request for special processing by a mail to news gateway program.
Note: need more detail.
This section describes processing done by the mail system, either when receiving mail from a nym, or when receiving mail from the Internet.
The client will communicate with the mail system using the ESMTP protocol. The mechanism by which a nym authenticates itself to the mail system is described in ../../frmailauth/doc/mail-cert.html.
X-Freedom-Message-Auth
header,
The mail is passed on for further processing.
X-Freedom-Sender
must be the
same, and must match the authenticated nym.
From
header is replaced
by that of the X-Freedom-Sender
.
X-Freedom-Recipients
,
X-Freedom-Sender
and X-Freedom-Envelope-Sig
headers.
X-Freedom-Recipients
header.
X-Freedom-Mail-MAC
header, whose field-body is
date, MAC(date, fbodies)where fbodies is the field-bodies of the
X-Freedom-Sender
and X-Freedom-Recipients
headers, and date is the date at which the mail is processed.
The MAC verfies that the mail was processed by the Freedom system,
while the date may be of use to the abuse team.
The mail is passed on for further processing.
Note: the X-Freedom-Orig-
* and
X-Freedom-Sig
headers are deprecated in the new mail
system.
...
X-Freedom-
* headers? (This would help prevent
possible corruption of the information.)
X-Freedom-Sender
, or envelope sender) should be
nym-name@freedom.net, or nym-name@trial.freedom.net,
etc.
X-Freedom-Recipients
header for a nym recipient?
Short answer, no. Get details from AdamB or Roger.
We include the hash in the header so that the signature can be verified. The client can check that the message came from the claimed nym, they just have to wait until they download the message body before that can be validated.
Copyright © 2000 Zero-Knowledge Systems Inc.
All Rights Reserved