Solving the content-type challenge of OTRmail extension

Abstract

Electronic mail has evolved and became a necessary mode of communication in this world today.

To combat leak of sensitive information, cryptography is employed. Some of the most common

cryptographic protocols used today are PGP (Pretty Good Protocol) and S/MIME (Secure

Multipurpose Internet Mail Extension). Although these protocols provide decent cryptographic

features like confidentiality and authentication, their keys and digital signatures are long lived.

These features however, are undesirable in social communication.

Conversely, OTR (Off-The-Record) protocols offers two desirable features suitable for social

communication, they are: perfect forward secrecy and repudiation.

Mozilla Thunderbird was chosen as the test bed for implementation due to a strong open source

community support. In this project report, I will discuss the intricacies in developing such an

Off-The-Record communication protocol through building a Mozilla Thunderbird extension addon

called OTRmail.

At present, there remains one problem left with OTRmail implementation. This happens

whenever a sender requests an email to be sent. From our conjecture, it seems that Thunderbird

always appends a default “Content-type” header: “text/plain” upon delivery of email to its

recipients. Currently, OTRmail is able to encrypt the message however; it is unable to alter the

“Content-type” header to its intended header “multipart/encrypted”. To solve this problem, one

can adopt two approaches. The first approach is to use existing Mozilla Thunderbird

documentation to amend the headers to the desired header while the second approach is to cross

examine codes with similar extension add-ons. On the account of several failed attempts by

preceding FYP students and a lack of Mozilla Thunderbird documentation to amend “Contenttype”

headers, I was compelled to adopt the second approach to resolve this problem.

Tapping on preceding FYP students’ findings, it is known that there is a Mozilla Thunderbird

extension “Enigmail” that provides similar encryption capabilities using PGP/SMIME and is

successful in altering the “Content-type” header. Unfortunately, there is no formal

documentation on the implementation of “Enigmail” to help address this problem. This report

thus focuses on providing proper documentation of Enigmail codes snippets relevant to

modification of “Content-type” headers.

With reference to “Enigmail” source code, there is a high possibility that a new extension other

than OTRmail is required to be deployed to intercept and modify the “Content-type” header

before relinquishing the program control flow back to Mozilla Thunderbird. This extension is

still under construction and has been archived for further implementation.