The Secure Multipurpose Internet Mail Extensions (S/MIME) is
|“||the recommended protocol for email authentication and confidentiality. S/MIME is particularly useful for authenticating mass email mailings originating from mailboxes that are not monitored, since the protocol uses PKI to authenticate digitally signed messages, avoiding the necessity of distributing the sender's public key certificate in advance. However, S/MIME senders need to possess the certificate of each recipient if the sender wishes to send encrypted mail. Research is underway that will allow the DNS to be used as a lightweight publication infrastructure for S/MIME certificates.||”|
The Secure Multi-purpose Internet Mail Extensions (S/MIME) is a set of widely implemented proposed Internet standards for cryptographically securing email [RFC 5750] [RFC 5751]. S/MIME provides authentication, integrity and non-repudiation (via digital signatures) and confidentiality (via encryption). S/MIME utilizes asymmetric keys for cryptography (i.e. public key cryptography) where the public portion is normally encoded and presented as X.509 digital certificates.
With S/MIME, signing digital signatures and message encryption are two distinct operations: messages can be digitally signed, encrypted, or both digitally signed and encrypted. Because the process is first to sign and then encrypt, S/MIME is vulnerable to re-encryption attacks; a protection is to include the name of the intended recipient in the encrypted message.
- "Overview" section: NIST Special Publication 800-177, at 9.