MLS for Thunderbird, updated

May 14, 2008 § Leave a comment

A few months ago, I introduced “MLS for Thunderbird“, an on-going effort to add support for confidentiality in Thunderbird. After long months of silence, it seems that this student project, undertaken by Vincent Tarbouriech and Roland Thaisong, two Master Students in ENSI Bourges, is finally getting somewhere.

This extension interfaces with the underlying operating system (SELinux for now) to determine your security level and, if possible, that of your correspondants. If you attempt to send an e-mail to some recipient whose security level is inferior to yours, Thunderbird will warn you that a declassification is going to happen.

Multi-Layer Security for Thunderbird, prototype 1

The illustration on the left shows Thunderbird warning the user that sending this message will require declassification. The box in the lower-left corner may be used to manually ask for declassification. Obviously, some more work is needed on the actual message.

If the user decides to proceed and/or to manually declassify the message, a special header is added, to permit additional server-side checks :
Return-Path: <>
Received: from murder ([unix socket]) by [...] (Cyrus
v2.2.12-Invoca-RPM-2.2.12-1.1.fc3) with LMTPA; Tue, 13 May 2008 09:20:06
X-Sieve: CMU Sieve 2.2
Received: from [...] ([...]
[]) by [...] (Postfix) with ESMTP id
1A72E81DC for <[...]>; Tue, 13 May 2008 09:20:06
+0200 (CEST)
Received: from [...] (localhost []) by
[...] (Postfix) with ESMTP id 8AAA012B405 for
<[...]>; Tue, 13 May 2008 09:20:05 +0200 (CEST)
Received: from localhost.localdomain ([...] [])
by [...] (Postfix) with ESMTP id 751D832983 for
<[...]>; Tue, 13 May 2008 09:20:04 +0200 (CEST)
Received: from [] (labsdsp4 []) by localhost.localdomain
(8.14.2/8.14.1) with ESMTP id m4DAiDRr007599 for
<[...]>; Tue, 13 May 2008 12:44:14 +0200
Message-ID: <>
Date: Tue, 13 May 2008 12:44:13 +0200
From: [...]
User-Agent: Thunderbird (X11/20071016)
MIME-Version: 1.0
To: [...]
Subject: mls
X-Message-MLS-Level: root;sysadm_r;sysadm_t;SystemLow;s6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

The next step will be to provide that server-side treatment, as a procmail script. Stay tuned for more information.

Tagged: , , , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

What’s this?

You are currently reading MLS for Thunderbird, updated at Il y a du thé renversé au bord de la table.


%d bloggers like this: