
Security Labels Technical Documentation

From Trustedbird


Security Labels - Technical Documentation

This feature adds security information to a message; that information is then used to handle authorizations and access rights.

Implementation

Specifications

The reference for the implementation of this functionality is RFC 2634.


Architecture

Synthetic presentation of the architecture of the extension

This functionality is on the list of features to be implemented by the Mozilla Foundation: http://www.mozilla.org/projects/security/pki/nss/smime/. It is therefore integrated into the Thunderbird source code, without relying on an extension. This also makes the functionality simpler to add, because the core of the product has to be updated.

The heart of this implementation is to add attributes to the signature of a message. A message with a Security label must be signed. When such a message is received, these attributes are decoded in order to handle authorizations and access rights.

GUI files

To send a message with Security label, it is mandatory to sign the message. So, the Security Label is bound to the security layer.

At the GUI level, signing is implemented by a flag signMessage, encapsulated in a nsIMsgSMIMECompFields object. The whole code handling this flag is contained in the JS built-in library msgCompSMIMEOverlay.js.

The nsIMsgSMIMECompFields object is then forwarded to the XPCOM layer, which handles the signing. This class has therefore been updated to add a flag for the Security label, and the GUI has been updated so that the user can choose this Security label.

XPCOM files

Message sending

The implementation is mainly located in the file nsMsgComposeSecure.cpp in the nsMsgComposeSecure class.

This implementation mainly consists of adding attributes to the signature of a message. When sending a message, the built-in Thunderbird API builds the following data structure:

Image:SignedReceipt_struct1_fr.gif

The attributes to add are located in the structure NSSCMSSignerInfo and are of type NSSCMSAttribute.

A NSSCMSAttribute structure is defined as:

Image:SignedReceipt_struct2_fr.gif

The attribute to add is a securityLabel, whose structure is defined by RFC 2634.

Message receiving

When receiving a message with a Security label, this structure is decoded.
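
The attribute described under Message sending and Message receiving, as an added example that is not Trustedbird or NSS code: a minimal DER encoder and decoder for the RFC 2634 securityLabel signed attribute, independent of the NSSCMSAttribute structures. The policy OID and privacy mark are constructed sample values, all function names are hypothetical, and the decoder returns the policy identifier as raw OID content octets.

```python
ID_AA_SECURITY_LABEL = "1.2.840.113549.1.9.16.2.2"  # id-aa-securityLabel, RFC 2634
POLICY = "2.999.1"  # constructed placeholder policy OID under the 2.999 example arc

def tlv(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def base128(v):
    out = bytes([v & 0x7F])
    while v > 0x7F:
        v >>= 7
        out = bytes([0x80 | (v & 0x7F)]) + out
    return out

def oid(dotted):
    a = [int(x) for x in dotted.split(".")]
    return tlv(0x06, b"".join(map(base128, [40 * a[0] + a[1]] + a[2:])))

def encode_attribute(policy, classification, privacy_mark):
    level = classification.to_bytes(classification.bit_length() // 8 + 1, "big")
    members = [oid(policy), tlv(0x02, level), tlv(0x0C, privacy_mark.encode())]
    members.sort(key=lambda m: m[0] & 0x1F)  # DER orders SET members by tag number
    label = tlv(0x31, b"".join(members))  # ESSSecurityLabel ::= SET { ... }
    return tlv(0x30, oid(ID_AA_SECURITY_LABEL) + tlv(0x31, label))  # CMS Attribute

def read_tlvs(buf):
    items, i = [], 0
    while i < len(buf):
        (tag, n), i = buf[i:i + 2], i + 2  # ValueError if the header is cut short
        if n & 0x80:  # long-form length
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated TLV")
        items, i = items + [(tag, buf[i:i + n])], i + n
    return items

def decode_attribute(der):
    (tag, attr), = read_tlvs(der)
    (t1, typ), (t2, vals) = read_tlvs(attr)
    (t3, label), = read_tlvs(vals)  # RFC 2634: exactly one value in attrValues
    f = dict(read_tlvs(label))  # members keyed by tag
    ok = (tag, t1, t2, t3) == (0x30, 0x06, 0x31, 0x31) and tlv(t1, typ) == oid(ID_AA_SECURITY_LABEL)
    if not ok or 0x06 not in f:  # security-policy-identifier is the only mandatory member
        raise ValueError("not a well-formed securityLabel attribute")
    level = int.from_bytes(f[0x02], "big") if 0x02 in f else None
    mark = f.get(0x0C, f.get(0x13))  # UTF8String or PrintableString privacy mark
    return {"policy_oid_der": f[0x06], "classification": level, "privacy_mark": mark.decode() if mark else None}

SAMPLE = encode_attribute(POLICY, 4, "constructed mark")  # 4 = secret in RFC 2634
```

In the encoded SET the classification INTEGER precedes the policy OID, because DER sorts SET members by tag rather than by their order in the ASN.1 definition.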
