Digitally-Signed Email: Authentication and Digital Signatures

E-mail was one of the first “killer apps” on the Internet, and has been a major contributor to increases in productivity over the past ten years. Of course, along with email came the scourge of spam. Criminals infect computers with trojan horse programs, creating collections of machines they control remotely to send millions of unsolicited offers for fake watches, pirated software, phony medications and ecard invitations to infect your computer.

As spam reaches 30, 40 or even 100 unwanted messages per day on a targeted account, it is becoming essential to automatically separate legitimate messages from spam. One tool available to senders of legitimate emails to aid the recipient in this process is to digitally sign their messages, allowing the recipient to establish a level of comfort that the message actually came from the indicated sender.

Continue reading “Digitally-Signed Email: Authentication and Digital Signatures”


The Packet-Switched Telecommunications Network

Over the past fifty years, several attempts have been made to develop converged networks: networks with “dial tone” that supports all communications: speech, music, text, graphics, images and video. For a number of reasons, convergence strategies employing ISDN and ATM were unsuccessful and did not gain critical mass. This time, it appears that packet-switched network service using IP will gain enough momentum to become the new kind of plain ordinary telecommunications service.

Continue reading “The IP-PSTN”


Following is a section from the new third edition of the Telecom 101 textbook, tracing the flow of information from server to client over a TCP/IP/MPLS protocol stack.

18.8 TCP/IP Over MPLS

MPLS is deployed for managing traffic on IP networks, and in conjunction with other technologies like VPNs covered in Chapter 19, will end up replacing all other services, including dedicated T1s, Frame Relay, ATM and ISDN.

Since MPLS is a virtual circuit technology, the packet flow from server to client over an MPLS network is similar to the Frame Relay flow examined earlier.

Starting with the server on the right, which is downloading a file to the client on the left, we take a chunk of the file and give it to the TCP software running on the server. That puts a sequence number, error check and application port number on the chunk of the file, passes this to the IP software on the server and starts a timer. The IP software adds the source and destination IP addresses to form an IP packet, which is put in an 802.3 LAN frame (that uses the 802.2 logical link layer protocol), with the MAC address of the premise router on the right pasted on the frame. The frame is then broadcast onto the Gigabit Ethernet over copper (1000BASE-T) LAN on the right and directed to the premise router by the LAN switch.

The premise router on the right brings in the LAN frame, extracts the packet and passes it to the routing software on the premise router, which makes a routing decision, puts the packet in a LAN frame, changes the MAC address, recalculates the error check and sends it over the Gigabit Ethernet over fiber (1000BASE-LX) access circuit to the service provider’s MPLS network.

diagram of TCP/IP/MPLS protocol stack


The service provider receives this packet with an ingress Label Switching Router (LSR). That device examines the IP address on the packet and along with other factors, decides what Forwarding Equivalence Class the packet belongs to, and implements its decision by labelling the packet with a 20-bit label identifying the FEC. It then does a table lookup to determine what network device packets with this label are forwarded to, and transmits the labelled packet in a frame on the appropriate circuit.

Each LSR in the middle of the network (not shown) brings in the frame, extracts the packet then only looks at the label and performs a table lookup to determine where to forward it and what priority to give it.

Eventually the labelled packet is delivered to the network’s egress LSR on the left. This device removes the label from the packet and uses conventional IP routing to send the packet in an Ethernet frame to the customer’s premise router on the left. 

The premise router on the left brings in the packet, and looks in a table to find out what MAC address (what LAN card) is currently assigned that IP address. If it does not find an entry, it broadcasts an address resolution request on the LAN at the left using the Address Resolution Protocol (ARP), asking “who owns this IP address?” The client responds with its MAC address. The premise router puts the packet in a LAN frame with that MAC address on the front, and broadcasts the frame onto the LAN at the left. The LAN switch on the left directs the frame to the client on the left. 

The client pulls in the frame, extracts the packet and gives it to the IP software on the client. Seeing that the destination IP address on the packet is the same as its address, the client’s IP software extracts the data out of the packet and gives it to the TCP software on the client. This checks the error check, and if it fails, discards the data. 

Shortly after, the TCP timer on the server times out, so the TCP software on the right retransmits the data. Let’s say the second time, it passes the error check at the client, so the client TCP software sends an acknowledgement to the server, then extracts the data from the TCP protocol data unit and parks it in a memory space for the application identified by the port number on the TCP header… the file transfer application, which picks up the data shortly after.

Meanwhile, we’re sending the next one.


Want more ?
There is, of course, much more to the story than this brief tutorial.

This discussion is actually the final discussion in a whole chapter that leads up to it, starting with bandwidth on demand and packet network fundamentals, ideas like virtual circuits and jargon like connectionless network services, then going through the technologies: X.25, Frame Relay, TCP/IP over Frame Relay, understanding what is needed for voice over packet networks, how Frame Relay doesn’t do it, but ATM was supposed to, then MPLS and how QoS is implemented with MPLS and finally the discussion above.

This topic is covered in more detail in Teracom instructor-led courses, DVD video Computer-Based Training courses, and textbooks.
Telecom 101 textbook, 3rd edition: Chapter 18 (26 pages)

Course 101 Telecom, Datacom and Networking for Non-Engineers
: Chapter 15
Course 110 Understanding IP Telecom: IP, VoIP and MPLS for Non-Engineers: Chapters 5, 8 and 13
DVD 4 Understanding Networking 1: Part 3