| Summary: | Electronic mail has evolved and became a necessary mode of communication in this world today.
To combat leak of sensitive information, cryptography is employed. Some of the most common
cryptographic protocols used today are PGP (Pretty Good Protocol) and S/MIME (Secure
Multipurpose Internet Mail Extension). Although these protocols provide decent cryptographic
features like confidentiality and authentication, their keys and digital signatures are long lived.
These features however, are undesirable in social communication.
Conversely, OTR (Off-The-Record) protocols offers two desirable features suitable for social
communication, they are: perfect forward secrecy and repudiation.
Mozilla Thunderbird was chosen as the test bed for implementation due to a strong open source
community support. In this project report, I will discuss the intricacies in developing such an
Off-The-Record communication protocol through building a Mozilla Thunderbird extension addon
called OTRmail.
At present, there remains one problem left with OTRmail implementation. This happens
whenever a sender requests an email to be sent. From our conjecture, it seems that Thunderbird
always appends a default “Content-type” header: “text/plain” upon delivery of email to its
recipients. Currently, OTRmail is able to encrypt the message however; it is unable to alter the
“Content-type” header to its intended header “multipart/encrypted”. To solve this problem, one
can adopt two approaches. The first approach is to use existing Mozilla Thunderbird
documentation to amend the headers to the desired header while the second approach is to cross
examine codes with similar extension add-ons. On the account of several failed attempts by
preceding FYP students and a lack of Mozilla Thunderbird documentation to amend “Contenttype”
headers, I was compelled to adopt the second approach to resolve this problem.
Tapping on preceding FYP students’ findings, it is known that there is a Mozilla Thunderbird
extension “Enigmail” that provides similar encryption capabilities using PGP/SMIME and is
successful in altering the “Content-type” header. Unfortunately, there is no formal
documentation on the implementation of “Enigmail” to help address this problem. This report
thus focuses on providing proper documentation of Enigmail codes snippets relevant to
modification of “Content-type” headers.
With reference to “Enigmail” source code, there is a high possibility that a new extension other
than OTRmail is required to be deployed to intercept and modify the “Content-type” header
before relinquishing the program control flow back to Mozilla Thunderbird. This extension is
still under construction and has been archived for further implementation.
|
|---|