Triple Wrapping Technical Documentation
The reference for the implementation of this functionality is RFC 2634.
Overview of the architecture of the extension
This functionality is in the list of features to be implemented by the Mozilla foundation: http://www.mozilla.org/projects/security/pki/nss/smime/. It is therefore integrated into the source code of Thunderbird, without relying on an extension. This also makes adding the functionality simpler, because we need to update the core of the product.
This functionality is going to be integrated into the official source code by Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=380624
At the GUI level, signing and encrypting are implemented by two flags, signMessage and requireEncryptMessage, encapsulated in an nsIMsgSMIMECompFields object. All the code handling those flags is contained in the built-in JS library msgCompSMIMEOverlay.js.
The nsIMsgSMIMECompFields object is then forwarded to the XPCOM layer, which handles the signing and encrypting. This class has therefore been updated to add a flag for the triple wrapping mode, and the GUI has been updated so that the user can choose this security level.
The implementation is mainly located in the file nsMsgComposeSecure.cpp, in the nsMsgComposeSecure class. This implementation handles the triple wrapping case and calls the right existing routines to sign, then encrypt, then sign a message.
When receiving a message, the standard implementation is able to handle triple wrapped messages: the MIME library uses a recursive algorithm and so is able to read a multi wrapped message.
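The sign, encrypt, sign sequence and the layer-by-layer reading described above can be reproduced outside Thunderbird with the openssl command line, which is useful for producing test messages for a receiver. This is an added example, not Thunderbird or NSS code; the function names, file names, key, certificate and message are constructed for the illustration.

```shell
#!/bin/sh
# Added example: RFC 2634 triple wrapping with the openssl CLI.
# Key, certificate, file names and message are constructed test data.
set -e

make_test_identity() {  # $1 = work dir; self-signed cert used as signer and recipient
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=triple-wrap-test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

triple_wrap() {         # $1 = work dir, $2 = MIME entity to protect
    # 1. Inner signature over the original entity.
    openssl smime -sign -in "$2" -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/inner.eml" || return 1
    # 2. Encryption of the signed entity.
    openssl smime -encrypt -aes256 -in "$1/inner.eml" -out "$1/enc.eml" \
        "$1/cert.pem" || return 1
    # 3. Outer signature over the encrypted entity.
    openssl smime -sign -in "$1/enc.eml" -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/triple.eml"
}

unwrap() {              # $1 = work dir, $2 = message; prints the layers found
    cur=$2; n=0; layers=""
    while :; do
        n=$((n + 1)); next="$1/layer$n"
        # Dispatch on the MIME headers of the current entity, one layer per pass.
        case "$(sed -n '1,/^[[:space:]]*$/p' "$cur")" in
        *multipart/signed*)
            openssl smime -verify -in "$cur" -CAfile "$1/cert.pem" \
                -out "$next" 2>/dev/null || return 1
            layers="${layers}signed " ;;
        *enveloped-data*)
            openssl smime -decrypt -in "$cur" -recip "$1/cert.pem" \
                -inkey "$1/key.pem" -out "$next" || return 1
            layers="${layers}encrypted " ;;
        *)  cp "$cur" "$1/plain"; echo "${layers}plain"; return 0 ;;
        esac
        cur=$next
    done
}

work=$(mktemp -d)
printf 'Content-Type: text/plain\n\nconstructed test body\n' > "$work/msg.eml"
make_test_identity "$work"
triple_wrap "$work" "$work/msg.eml"
unwrap "$work" "$work/triple.eml"
```

A failed signature check or decryption at any layer stops the unwrapping with a non-zero status instead of returning partially processed content.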