Secure Email Communication with XML-based Technologies

Email is one of the most successful applications in Internet. The current email format is specified in RFC 822 of Internet Engineering Task Force (IETF) and has several unavoidable restrictions. Firstly, the data structure is very complex. Header fields that describe the representation of the email body are merged with header fields for the addressing and administration and header fields added during the transport. Furthermore, the complexity of the structure of the email body increases when the email is signed or encrypted. Secondly, the email format is not suitable for massive storage. Thirdly, no individual information can be delivered to specific blind recipients. Thus the sending client either removes all blind recipients from the message—which results in that a blind recipient cannot check whether she is the intended one—or creates a message without blind recipients to all non-blind recipients and creates for each blind recipient a copy of the message with only the intended recipient in the “Bcc” field. Fourthly, the Signature and encryption must cover the message body as a whole, the message header remains unprotected. If the message is signed or encrypted, even if one wishes to read only one multipart body part, one must download the whole message, and verify the signature or process the decryption over the whole message. Fifthly, integrity of header fields is not protected in a signed email. This may result in phishing attacks when the sensitive fields are modified. To solve these problems, we developed a new email format, called XMail. A message is specified by an XML document. XML Signature and XML Encryption are used to secure the email communication. In XMail, it is possible to read, verify and decrypt only one multipart body part without retrieving the other body parts. Individual information can be sent to blind recipients so that only one copy of a message is needed, independent on the number of blind recipients. Due to the careful design of XMail, the storage of messages in email server and the reading of messages are very efficient. In this unified data structure, different key management technologies like PGP and X.509 can still be used. Furthermore we developed two solutions for the current email format. We propose to use parts of the security mechanisms designed for XMail in the current email format to achieve a security format for different key management technologies like PGP and X.509, and developed a lossless and simple storage format.