USENIX Conference Policies
MIME Object Security Services: Issues in a Multi-User Environment
James M. Galvin and Mark S. Feldman, Trusted Information Systems, Inc.
An Internet email message consists of two parts: the headers and the body. The format of the headers and how they should be interpreted is described in RFC822. The body is text under the user’s control and is not changed during normal mail transport.
Multipurpose Internet Mail Extensions (MIME) was developed to provide for multi-part textual and nontextual email message bodies. It defines a structure for the format of the body. However, until recently, MIME did not include support for security services. A specification has been proposed that defines a framework for digitally signing and encrypting MIME objects: Security Multiparts for MIME. The framework provides an embodiment of a MIME object and its digital signature or encryption key. It was designed to be useful by a variety of security protocols.
The MOSS protocol is a derivative of PEM. Although a MIME message could carry a PEM object or a PEM message could carry a MIME object, a better solution is to combine the features of both and provide a single, uniform solution in which the protocols function in a complementary fashion. MOSS is just such a solution.
author = {James M. Galvin and Mark S. Feldman},
title = {{MIME} Object Security Services: Issues in a {Multi-User} Environment},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/mime-object-security-services-issues-multi-user},
publisher = {USENIX Association},
month = jun
}