view Side-By-Side changes
INTERNET DRAFT Mats Jansson, LiNKdraft-ietf-ediint-as1-02.txtdraft-ietf-ediint-as1-03.txt Chuck Shih, ActraNancy Turaj, Mitre Corp.Expire in six months Rik Drummond, Drummond Group19 November, 19967 March, 1997 MIME-based Secure EDI Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet Drafts as reference material or to cite them other than as ``work in progress.'' To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast). Abstract This document describes how to securely exchange EDI documents using MIME and public key cryptography. Feedback Instructions: If you want to provide feedback on this draft, follow these guidelines: -Send feedback via e-mail tomjansson@agathon.com,the ietf-ediint list for discussion, with "AS#1" in the Subject field. To enter/follow the discussion, you need to subscribe at ietf-ediint@imc.org. -Be specific as to what section you are referring to, preferably quoting the portion that needs modification, after which you state your comments. -If you are recommending some text to be replaced with your suggested text, again, quote the section to be replaced, and be clear on the section in question.-If you are questioning fundamental methods, make it clear to us and we will bring the issue to the ediint list for discussion. To follow the discussion, you need to subscribe at ietf-ediint@imc.org.Table of Contents 1. Introduction 2. Overview 2.1 Purpose of a security guideline for MIME EDI 2.2 Definitions 2.2.1 Terms 2.2.2 The secure transmission loop 2.2.3 Definition of receipts 2.3 Assumptions 2.3.1 EDI process assumptions 2.3.2 Flexibility assumptions 3.Structure of an EDI MIME message 3.1Referenced RFCs and their contribution3.1.13.1 RFC 821 SMTP [7]3.1.23.2 RFC 822 Text Message Format [3]3.1.3 RFC 1521 MIME [1] 3.1.43.3 RFC 1847 MIME Security Multiparts [6]3.1.53.4 RFC 1892 Multipart/report [9]3.1.63.5 RFC 1767 EDI Content [2]3.1.73.6 RFC 2015 PGP/MIME [4]3.1.83.7 RFC 2045,2046, and 2049 MIME [1] 3.8 Internet draft (fajman): Message Disposition Notification [5]3.1.9 RSA Specifications3.9 Internet draft (dusse): - S/MIME(RSA Security, Inc.)Specification [8]3.2 Vocabulary 3.34. Structure of an EDI MIME message -No encryption/No signature 3.4Applicability 4.1 Introduction 4.2 Structure of an EDI MIME message -S/MIME 3.4.1 S/MIME Overview 3.4.2 Example: S/MIME - Signature Only 3.4.3 Example: S/MIME - Encryption Only 3.4.4 Example: S/MIME - Signature and Encryption 3.5PGP/MIME 4.2.1 No encryption, no signature 4.2.2 No encryption, signature 4.2.3 Encryption, no signature 4.2.4 Encryption, signature 4.3 Structure of an EDI MIME message -PGP/MIME 3.5.1.PGP/MIME Overview 3.5.2 Example: PGP/MIME - Signature Only 3.5.3 Example: PGP/MIME - Encryption Only 3.5.4 Example: PGP/MIME - Signature and Encryption 4.S/MIME 4.3.1 No encryption, no signature 4.3.2 No encryption, signature 4.3.3 Encryption, no signature 4.3.4 Encryption, signature 5. Receipts4.15.1 Introduction4.25.2 Requesting a signed receipt4.35.2.1 Additional signed receipt considerations 5.3 Message Disposition Notification Format4.45.3.1 Message Disposition Notification Extension Fields 5.4 Message Disposition Notification Processing4.4.15.4.1 Large File Processing4.4.25.4.2 Example5.6. Public key certificate handling5.16.1 Near term approach5.26.2 Long term approach6.7. Authors' Addresses7.8. References 1. Introduction The authors would like to extend special thanks to Carl Hage Dale Moberg and Karen Rosenthal for providing the team with valuable, and very thorough feedback. Without participants likeCarl,these, these efforts become hard to complete in a way useful to the users of the technology. The authors would also like to thank Nancy Turaj for her help in editing portions of this document. Previous work on Internet EDI focused on specifying MIME content types for EDI data ([2] RFC 1767). This Applicability Statement expands on RFC 1767 to specify use of a comprehensive set of data security features, specifically data privacy, data integrity/authenticity, non-repudiation of origin and non- repudiation of receipt. This draft recognizes contemporary RFCs and Internet drafts and is attempting to "re-invent" as little as possible. With anenhancementsenhancement in the area of "receipts", as described below (3.1.8), secure Internet MIME based EDI can be accomplished by using and complying with the following RFCs and drafts: -RFC 821 SMTP -RFC 822 Text Message Formats -RFC1521 MIME -RFC1767 EDI Content Type -RFC 1847 Security Multiparts for MIME -RFC 1892 Multipart/Report -RFC 2015 MIME/PGP (elkins) -RFC 2045 to 2049 MIME RFCs -Internet draft: Message Disposition Notification (fajman)-RFC 2015 MIME/PGP (elkins)-Internet draft: S/MIME Specification (dusse) Our intent here is to define clearly and precisely how these arepieced togetherused together, and what is required by user agents to be compliant with this Applicability Statement. 2. Overview 2.1 Purpose of a security guideline for MIME EDI The purpose of these specifications is to ensure interoperability between EDI user agents, invoking some or all of the commonly expected security features. This standard is also NOT limited to strict EDI use, but applies to any electronic commerce application where business data needs to be exchanged over the Internet in a secure manner. 2.2 Definitions 2.2.1. Terms EDI Electronic Data Interchange EC Electronic Commerce Receipt The functional message that is sent from a receiver to a sender to acknowledge receipt of an EDI/EC interchange Signed Receipt Same as above, but with a digital signature Message Disposition The way by which a receipt or a signed Notification (MDN) receipt is accomplished within Internet Messaging. Non-repudiation of NRR is a "legal event" that occurs when the Receipt (NRR) original sender of an EDI/EC interchange has verified the signed receipt coming back from the receiver. NRR IS NOT a functional or a technical message. PGP/MIME Digital envelope security based on the Pretty Good Privacy (PGP) standard (Zimmerman), integrated with MIME Security Multiparts [6]. S/MIME A format and protocol for adding cryptographic signature and/or encryption services to Internet MIME messages. 2.2.2 The secure transmission loop The functional requirements document, [9] "Requirements for Inter- operable Internet EDI" (can be found at www.ietf.org),provides extensive information on EDI security and the user/business related processes surrounding the need for and use of EDI security. In this document, it is assumed that the reader is familiar with the requirements document. This document's focus is on the formats and protocols for exchanging EDI content that has had security applied to it using the Internet's messaging transport. The "secure transmission loop" for EDI involves one organization sending a signed and encrypted EDI interchange to another organization, requesting a "signed receipt", followed later by the receiving organization sending this "signed receipt" back to the sending organization. In other words, the following transpires: -The organization sending EDI/EC data encrypts the data and provides a digital signature, using either PGP/MIME or S/MIME. In addition, they request a "signed receipt". -The receiving organization decrypts the message and verifies the signature, resulting in verified integrity of the data and authenticity of the sender. -The receiving organization then sends a "signed receipt" in the form of a signature over the hash from the previous step. The above describes functionality which if implemented, would satisfy all security requirements. This specification, however, leaves full flexibility for users to decide the degree to which they want to deploy those features with their EDI trading partners. 2.2.3 Definition of receipts The term used for both the functional activity and message for acknowledging receipt of an EDI/EC interchange is "receipt", or "signed receipt". The first term is used if the acknowledgment is for an interchangethat was not signed, therebyresulting in a receipt which isalso notNOT signed. The second term is used if the acknowledgment is for an interchangewhich was signed,resulting in a receipt whichis alsoIS signed. Therule"rule" is: If a receipt is requested,it willexplicitly specifying that the receipt besigned only ifsigned, then theoriginal interchange was signed. A term often used in combination with receipts is "Non- repudiation of Receipt (NRR). NRR refersreceipt indeed has to be returned with alegal event which occurs only when the original sender of an interchange has verified the sender and content ofsignature. If a"signed receipt". Note that NRRreceipt isnot possible without signatures. 2.3 Assumptionsrequested, explicitly specifying that the receipt be signed, but the recipient cannot support the requested signature format, then a receipt, either signed or unsigned should be returned. If a signature is not explicitly requested, or if the signed receipt request parameter is not recognized by the UA, all bets are off. This is consistent with the MDN draft. A term often used in combination with receipts is "Non-repudiation of Receipt (NRR). NRR refers to a legal event which occurs only when the original sender of an interchange has verified the sender and content of a "signed receipt". Note that NRR is not possible without signatures. 2.3 Assumptions 2.3.1 EDI process assumptions -Encrypted object is an EDI Interchange This specification assumes that a typical EDI interchange is the lowest level object that will be subject to security features. In ANSI X12, this means anything between, and including segments ISA and IEA. In EDIFACT, this means anything between, and including, segments UNA/UNB and UNZ. In other words, the EDI interchanges including envelope segments remain intact and unreadable during secure transport. -EDI envelope headers are encrypted Congruent with the above statement, EDI envelope headers are NOT visible in the MIME package. In order to optimize VAN-to- Internet routing, work may need to be done in the future to define ways to pull out some of the envelope information to make them visible, however, this specification does not go into any detail on that. -X12.58 and UN/EDIFACT security considerations The most common EDI standards, ANSI X12 and EDIFACT, have defined internal provisions for security. X12.58 is the security mechanism for ANSI X12 and AUTACK provides security for EDIFACT. This specification DOES NOT dictate use or non-use of these security standards. They are both fully compatible, though possibly redundant, with this specification. 2.3.2 Flexibility assumptions -Encrypted or un-encrypted data This specification allows for EDI message exchange where the EDI data is either un-protected or protected by means of encryption. -Signed or un-signed data This specification allows for EDI message exchange with or without digital signature of the original EDI transmission. -Use of receipt or not(signature required for "Signed Receipt")This specification allows for EDI message transmission with or without a request for receipt notification. If a signed receipt notification is requested, however, a signature is required as part ofboth the original EDI transmission andthe returnedreceipt.receipt, unless an error condition occurs in which a signed-receipt cannot be returned. In these cases an un-signed receipt or MDN should be returned with the correct "signed-receipt-disposition" value. -Formatting choices This specification defines use of two methods for formatting EDI contents that have security applied to it: -PGP/MIME -S/MIME This specification relies on the guidelines set forth in theInternet draft on PGP/MIME,RFC 2015, as reflected in [4] MIME Security with Pretty Good Privacy (PGP), and Internet draft [8] S/MIME Specification from RSA Security, Inc. (dusse) Compliance with this specification dictates that AT LEAST one of these methods is supported. -Hash function, message digest choices When signature is used, unless specified otherwise by the chosen method (PGP/MIME or S/MIME), theMD5SHA1 checksum hash function is recommended. In summary, the following eight permutations arepossible,possible in any given trading relationship: (1) Sender sends un-encrypted data, does NOT request a receipt. (2) Sender sendsunencryptedun-encrypted data, requests a receipt. Receiver sends back a receipt. (3) Sender sends encrypted data, does NOT request a receipt. (4) Sender sends encrypted data, requests a receipt. Receiver sends back a receipt. (5) Sender sends signed data, does NOT request a signed or un-signed receipt. (6) Sender sends signed data, requests a signed or un-signed receipt. Receiver sends back a signed or un-signed receipt. (7) Sender sends encrypted and signed data, does NOT request a signed or un-signed receipt. (8) Sender sends encrypted and signed data, requests a signed or un-signed receipt. Receiver sends back a signed or un-signed receipt. NOTE: Users can choose any of the eight possibilities, but only example(8)(8), when a signed receipt is requested, offers the whole suite of security features described in the "Secure transmission loop" above.NOTE: A request for receipt that is signed, MUST result in a signed receipt. A request for receipt without signature MUST result in an un-signed receipt.3.Structure of an EDI MIME message The following sub chapters describe the structure of EDI MIME messages, making use of security features in different ways. Please note that if a signed receiptReferenced RFCs and their contribution 3.1 RFC 821 SMTP [7] This isto be returned,theoriginal EDI transmission also hadcore mail transfer standard that all MTAs need tohave been signed. The structures shown below represent the use of specifications outlined in the following RFCs and Internet-drafts, and before moving into the structures themselves, there is a brief review of what each document contributes. NOTE: The examples below are just that - examples. Do not code according to them. Refer to the RFCs that specify the correct grammar in each case. 3.1 Referenced RFCs and their contribution 3.1.1 RFC 821 SMTP [7] This is the core mail transfer standard that all MTAs need to adhere to. 3.1.2 RFC 822 Text Message Format [3] Defines message header fields andadhere to. 3.2 RFC 822 Text Message Format [3] Defines message header fields and the parts making up a message.3.1.3 RFC 1521 MIME [1] This is the basic MIME standard, upon which all MIME related RFCs build, including this one. Key contributions include definition of "content type" and sub-type "multipart", in addition to encoding guidelines, which establish 7-bit US-ASCII as the lowest common denominator used. 3.1.43.3 RFC 1847 MIME Security Multiparts [6] This document defines security multiparts for MIME: multipart/encrypted and multipart/signed.\ 3.1.53.4 RFC 1892 Multipart/report [10] This RFC defines the use of Multipart/report content type, something that the MDN draft (fajman) relies on for the receipt functionality.3.1.63.5 RFC 1767 EDI Content [2] This RFC defines the use of content type "application" for ANSI X12 (application/EDI-X12), EDIFACT (application/EDIFACT) and mutually defined EDI (application/EDI-Consent).3.1.73.6 RFC 2015 PGP/MIME [4] This RFC defines the use of content types "multipart/encrypted", "multipart/signed", "application/pgp encrypted" and "application/pgp-signature" for defining MIME PGP content.3.1.83.7 RFC 2045, 2046, and 2049 MIME [1] These are the basic MIME standards, upon which all MIME related RFCs build, including this one. Key contributions include definition of "content type" and sub-type "multipart", in addition to encoding guidelines, which establish 7-bit US-ASCII as the lowest common denominator used. 3.8 Internet draft (fajman): Message Disposition Notification [5] This Internet draft defines how a message disposition notification (MDN) is requested, and the structure of the MDN. NOTE: This is the only specification we were not able to take "as is". Extension field-names beginning with "X-" will not be defined as a standard field. MDN field names not beginning with "X- " need to be registered with the Internet Assigned Numbers Authority (IANA) and described in an RFC. TheX-Received-MIC field"X-" extension fields described in this document will be registered with IANA.3.1.93.9 Internet draft (dusse): S/MIME Message Specification [8] This specification describes how MIME shall carry PKCS7 signature and envelope information.3.2 Vocabulary <recipient email> The email address4. Structure ofthe receiving organization'san EDIprocessing system. <sender email>MIME message - Applicability 4.1 Introduction Theemail address of the sending organi- zation's EDI processing system. <date> Transmission date <EDI standard> "EDIFACT" or "EDI-X12" or "EDI-consent" <encoding> "Quoted-printable" or "Base64" <EDI Object> ANSI X12 or EDIFACT EDI Interchange, or mutually agreed electronic commerce file <char set> "us-ascii" or "iso-8859-1" (note that if iso-8859-1 is used,structures below are described hierarchically inmost cases encoding will be required "Quoted printable" or "Base 64" <hash symbol> "md5" or "sha1" <pgp control information> -Key ID of recipient's public key -Session key (symmetric) -Timestamp -Key IDterms ofsender's public key -Leading two octetswhich RFC's are applied to form the specific structure. For details ofmessage digest -Message digest -Filename -Timestamp <PKCS#7 control information - enveloped> -contentType = EnvelopedData -version = Version -recipientInfos = RecipientInfos -contentType = Data -contentEncryptionAlgorithm = ContentEncryptionAlgorithmIdentifier -encryptedContent = <PKCS#7 control information - signed> -ContentType = SignedData -version = Version -digestAlgorithms = DigestAlgorithmIdentifiers -contentType = Data -content = <PKCS#7 signature information> -signerInfos = SignerInfo NOTE: The examples below are just that - examples. They are provided for illustration purposes only. Referhow to code in compliance with all RFC's involved, turn directly to theRFCs or drafts under "7. References"RFC's referenced. The "requirements document" has several examples described in an Appendix for those interested. Also, these structures describe theactual grammarinitial transmission only. Receipts, andprotocol definitions. 3.3requests for receipts are handled in section 5. 4.2 Structure of an EDI MIME message - PGP/MIME 4.2.1 Noencryption/Noencryption, no signatureTo: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: Application/<EDI standard> Content-Transfer-Encoding: <encoding> <EDI object> 3.4-RFC822/2045 -RFC1767 (application/EDIxxxx) 4.2.2 No encryption, signature -RFC822/2045 -RFC1847 (multipart/signed) -RFC1767 (application/EDIxxxx) -RFC2015 (application/pgp-signature) 4.2.3 Encryption, no signature -RFC822/2045 -RFC1847 (multipart/encrypted) -RFC2015 (application/pgp-encrypted) -"Version 1" -RFC1767 (application/EDIxxxx) (encrypted) 4.2.4 Encryption, signature -RFC822/2045 -RFC1847 (multipart/encrypted) -RFC2015 (application/pgp-encrypted) -"Version 1" -RFC1767 (application/EDIxxxx) (encrypted) -RFC2015 (application/pgp-signature) (encrypted) 4.3 Structure of an EDI MIME message - S/MIME3.4.1 S/MIME Overview S/MIME or the Secure/Multipurpose Internet Mail Extensions, specify formats and procedures when the cryptographic security services of authentication, message integrity,4.3.1 No encryption, no signature -RFC822/2045 -RFC1767 (application/EDIxxxx) 4.3.2 No encryption, signature -RFC822/2045 -RFC1847 (multipart/signed) -RFC1767 (application/EDIxxxx) -Draft (dusse) (application/x-pkcs7-signature) 4.3.3 Encryption, no signature -RFC822/2045 -Draft (dusse) (application/x-pkcs7-mime) -RFC1767 (application/EDIxxxx) (encrypted) 4.3.4 Encryption, signature -RFC822/2045 -Draft (dusse) (application/x-pkcs7-mime) -RFC1847 (multipart/signed) (encrypted) -RFC1767 (application/EDIxxxx) (encrypted) -Draft (dusse) (application/x-pkcs7-signature) (encrypted) 5. Receipts 5.1 Introduction In order to support non-repudiation oforigin, and confidentiality are applied to Internet MIME messages. S/MIME is specified in draft draft-dusse-mime-msg-spec-00.txt, and an S/MIME implementation guide is available from RSA Data Securities, Inc. This applicability statement sets forth the implementation requirements and recommendations needed to use S/MIME when sending EDIreceipt (NRR), a signed receipt, based onthe Internet. These implementation requirements and recommendations are intendeddigitally signing a message disposition notification, is toensurebe implemented by abase level of inter- operability among S/MIME EDI implementations. NOTE:receiving trading partner's UA (User Agent). TheS/MIME Implementation Guide, Version 2 specifiesmessage disposition notification, specified by draft-ietf-receipt-mdn-02.txt is digitally signed by arestricted profile for use for export purposesreceiving trading partner andan unrestricted profile for use domestically. These profiles specifyreturned to thecryptographic algorithms and key lengths thatsending trading partner as part of aconformant S/MIME implementation must support. It is recommended thatmultipart/signed MIME message. The required support for signed receipts when doing InternetEDI, these profiles be adhered to. However, cryptographic algorithms, and key lengths are parameters that need to be set by the trading partnership, and can vary from whatEDI isspecified byas follows: 1). Create a multipart/report; report-type = disposition-notification. 2). Calculate theS/MIME standards. Content Types: signedAndEnvelopedData content type should not be used when sending EDIMIC on theInternet. Objections have been raised concerning the fact thatmessage disposition notification. 3). Digitally sign theissuerAndSerialNumber for each signer ofMIC. 4). Create asignedAndEnvelopedDatamultipart/signed contentis left inwith theclear. This information could be used to derivemessage disposition notification as theidentity offirst body part, and thesigner ofsigned MIC calculated on themessage. The use of signedAndEnvelopedData also precludesmessage disposition notification as theability to sign information that is in addition to, but separate fromsecond body part. 5). Return theprimarysignedcontents. The use of the S/MIME "authenticated attributes" is not required for Internet EDI, since it is generally sufficientreceipt tosigntheEDI MIME content.sending trading partner. TheS/MIME Implementation Guide, Version 2 requires a compliant S/MIME agentsigned receipt is used tosupport the nesting ofnotify a sending trading partner that requested the signedmessage format within an enveloped message, for both incoming and outgoing messages. Thisreceipt that: 1). The receiving trading partner acknowledges receipt of the sent EDIAS#1 specification also requiresInterchange. 2). If thesupport of a nested signedsent messagewithin an enveloped message. Therefore, when using S/MIME forwas signed, then thepurposereceiving trading partner has authenticated the sender ofsending EDI ontheInternet, a two step process will be used:EDI Interchange. 3). If theuser agent first creates an application/x-pkcs7-mime signed message, and uses thissent messageas input towas signed, then the receiving trading partner has verified thecreationintegrity ofan application/x-pkcs7-mime enveloped message. The receiverthe received EDI Interchange. Regardless ofan incoming enveloped message thatwhether the EDI Interchange was sent in S/MIME or PGP/MIME format, the receiving trading partner's UA must provide the following basic processing: 1). If the sent EDI Interchange isdecryptedencrypted, then the encrypted symmetric key andfoundinitialization vector (if applicable) is decrypted using the receiver's private key. 2). The decrypted symmetric encryption key is then used tocontaindecrypt the EDI Interchange. 3). The receiving trading partner authenticates signatures in asigned application/x-pkcs-7-mime type, should processmessage using the sender's public key. The authentication algorithm performs the following: a). The message integrity check (MIC or Message Digest), is decrypted using the sender's public key. b). A MIC on the signed contents (the MIME header andpresentencoded EDI object, as per RFC 1767) in thesignature status and corresponding "data" content to message disposition notification processing -- if a request for amessagedisposition notification has been made -- otherwise the "data" contentreceived ispassed to a general MIME processor.calculated using the same one-way hash function that the sending trading partner used. c). The"data" content typeMIC extracted from the signature isused ascompared with thecontent withinMIC calculated using the same one-way hash function that the sending trading partner used. 4). The receiving trading partner formats thesignedDataMDN and sets theenvelopedData content types, to indicatecalculated MIC into the "X-Received-content-MIC" extension field. 5). The receiving trading partner creates a multipart/signed MIME messagecontent which has had security services appliedaccording toit. For the purpose of Internet EDI, this "data" content type will contain RFC 1767 specified MIME EDI content, or a MIME multipart content that has aRFC1767 MIME EDI content as1847. 6). The MDN is the first part of themultipart content. Signed Message Type: The S/MIME specification requires support of the signedData content format,multipart/signed message, andrecommends support ofthemultipart/signed format. For use in Internet EDI, supportdigital signature isrequired for the signedData content format if message authentication, integrity, and non-repudiation of origin are required.created over this MDN, including its MIME headers. 7). Thegreat value for supportsecond part of the multipart/signedformat ismessage contains theability of non- S/MIME-enabled agents to processdigital signature. The "protocol" option specified in thecontentsecond part of thebody that was signed. Themultipart/signedformatisrecommended when a signed messageas follows: S/MIME: protocol = "application/pkcs-7-signature" PGP/MIME: protocol = "application/pgp-signature" 8). The signature information isbeing sent to a set of recipients, not all of which are knownformatted according tohave S/MIME enabled agents. Since trading partners usingS/MIMEto transactor PGP/MIME specifications. The EDIon the Internet will by definition have S/MIME- enabled agents,Interchange and themultipart/signed loses much of its utility. SupportRFC 1767 MIME EDI content header, can actually be part of a multi-part MIME content-type. When themultipart/signed format for use in InternetEDI Interchange istherefore optional. 3.4.2 Example: S/MIME - Signature Only To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: application/x-pkcs7-mime Content-Transfer-Encoding: base64 <PKCS#7 control information - signed> &Mime-Version: 1.0 &Content-Type: Application/<EDI standard>; &Content-Transfer-Encoding: <encoding> & &<EDI object> <PKCS#7 signature information> Notes: -The lines preceded with "&" is whatpart of a multi-part MIME content-type, thesignatureMIC is calculatedover - <PKCS#7 control information - signed> consists of (refer to: PKCS#7:Cryptographic Message Syntax Standard from RSA Labs, Inc.): ContentType = SignedData version = Version digestAlgorithms = DigestAlgorithmIdentifiers contentType = Dataacross the entire multi-part content, including the MIME headers. The multi-part MIME content= NOTE:thatexcept for ContentType and Content,contains theactual object identifiersEDI Interchange is then enveloped in either S/MIME orvalues forPGP/MIME format. The signed MDN, when received by thefields are not specified. (See PKCS#9 andsender of theS/MIME Implementation Guide, Version 2 from RSA Labs, Inc., for these object identifiers.) - <PKCS#7 signature information> consists of (refer to: PKCS#7:Cryptographic Message Syntax Standard from RSA Labs, Inc.): signerInfos = SignerInfo NOTE: The signerInfo containsEDI Interchange can then be used by thedigestAlgorithm,sender: 1). As an acknowledgment that thedigestEncryptionAlgorithm,EDI Interchange sent, was delivered and acknowledged by theencryptedDigest or the digital signature. The issuerAndSerialNumber field defined within the signerInfos identifies a signingreceiving tradingpartner's public-key certificate. Since Internet EDI allows self-certification,partner. The receiver does thisfield can containby returning thedistinguished nameoriginal message id of thesending trading partner forsent message in theissuer distinguished name. 3.4.3 Example: S/MIME - Encryption Only To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: application/x-pkcs7-mime Content-Transfer-Encoding: base64 <PKCS#7 control information - enveloped> &Mime-Version: 1.0 &Content-Type: Application/<EDI standard>; &Content-Transfer-Encoding: <encoding> & &<EDI object> Notes: -The text preceded by "&" indicates that it is really encrypted, but presented as text for clarity - <PKCS#7 control information - enveloped> consistsMDN portion of(See PKCS#7:Cryptographic Message Syntax Standard from RSA Labs, Inc.): contentType = EnvelopedData version = Version recipientInfos = RecipientInfos contentType = Data contentEncryptionAlgorithm = ContentEncryptionAlgorithmIdentifier encryptedContent = NOTE: Except for contentType, the actual object identifiers or values for the fields are not specified. (See PKCS#9 andtheS/MIME Implementation Guide, Version 2 from RSA Labs, Inc., for these objects.) NOTE: The recipientInfos containssigned receipt. 2). As an acknowledgment that thesymmetric encryption key encrypted withintegrity of thereceiver's public key. The issuerAndSerialNumber field defined withinEDI Interchange was verified by therecipientInfos identifies areceiving tradingpartner's public-key certificate. Since Internet EDI allows self-certification,partner. The receiver does thisfield can containby returning thedistinguished namecalculated MIC of thereceiving trading partner for the issuer distinguished name. NOTE: In general there will be one recipientInfos specified, but in the case of RFQs there may be n recipientInfos specified. 3.4.4 Example: S/MIME - Signature and Encryption The required support for EDI Internet is to first create an application/x-pkcs7-mime signedData message, and then to create an application/x-pkcs7-mime envelopedData message with the application/x- pkcs7-mime signedData message as input to the application/x-pkcs7-mime envelopedData message. To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: application/x-pkcs7-mime Content-Transfer-Encoding: base64 <PKCS#7 control information - enveloped> *Mime-Version: 1.0 *Content-Type: application/x-pkcs7-mime *<PKCS#7 control information - signed> *&MIME-Version: 1.0 *&Content-Type: Application/<EDI standard>; *&Content-Transfer-Encoding: <encoding> *&<EDI object> *<PKCS#7 signature information> Notes: - The lines preceded with "&" is what the signature is calculated over. - The text preceded by "*" indicates that it is really encrypted, but presented as text for clarity - <PKCS#7 control information - enveloped> consists of (See PKCS#7:Cryptographic Message Syntax Standard from RSA Labs, Inc.): contentType = EnvelopedData version = Version recipientInfos = RecipientInfos contentType = Data contentEncryptionAlgorithm = ContentEncryptionAlgorithmIdentifier encryptedContent = NOTE: Except for contentType, the actual object identifiers or values for the fields are not specified. (See PKCS#9 and the S/MIME Implementation Guide, Version 2 from RSA Labs, Inc., for these objects.) NOTE: The recipientInfos contains the symmetric encryption key encrypted with the receiver's public key. The issuerAndSerialNumber field defined within the recipientInfos identifies a receiving trading partner's public-key certificate. Since Internet EDI allows self-certification, this field can contain the distinguished name of the receiving trading partner for the issuer distinguished name. NOTE: In general there will be one recipientInfos specified, but in the case of RFQs there may be n recipientInfos specified. - <PKCS#7 signature information> consists of (refer to: PKCS#7:Cryptographic Message Syntax Standard from RSA Labs, Inc.): signerInfos = SignerInfo NOTE: The signerInfo contains the digestAlgorithm, the digestEncryptionAlgorithm, and the encryptedDigest or the digital signature. The issuerAndSerialNumber field defined within the signerInfos identifies a signing trading partner's public-key certificate. Since Internet EDI allows self-certification, this field can contain the distinguished name of the sending trading partner for the issuer distinguished name. 3.5 Structure of anreceived EDI Interchange (and 1767 MIMEmessage - PGP/MIME 3.5.1 Overview PGP provides two functional services, signature and encryption, but in reality performs 5 functions in order to do it effectively. 1) Digital signature (MD5, RSA) 2) Compression (ZIP) 3) Message Encryption (IDEA) 4) ASCII Armor 5) Message segmentation When sending a message, the services are performed in that order. With the exception of item 5), these services are optional, meaning a user can choose whether to use signature, encryption, compression and ASCII armor, but commonly, 2) and 4) are always used, while 1) and 3) are used in three ways: 1) Signature only, in which case ASCII armor can be applied only to the signature block to keep the message legible. 2) Encryption only 3) Both signature and encryption Applicability of PGP/MIME and RFC 2015, for use in internet EDI dictates the following: - When both encryption and signature feature is used, the EDI data is first signed, then encrypted in a two-step process, as described in the example. -Compression and ASCII Armor is optional and could be user configurable. The following examples describe use of PGP/MIME without compression and ASCII armor, since those services are managed by PGP, and are optional per this draft . 3.5.2 Example: PGP/MIME - Signature Only To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="separator"; micalg=pgp-<hash symbol>; protocol="application/pgp-signature" --separator &Content-Type: Application/<EDI standard> &Content-Transfer-Encoding: <encoding> & &<EDI object> --separator Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version 2.6.2 fgfjhHjhJhgljhgJGHGJHGJHJHJhghjhJHJuytIYTiutTYT34553//YRytdhfFFQere /876JHJHGIUIUgsdIUYgYTRdgggguytUTIUlbXssfdsfdREWrewREWREEWE88POF/DF frtFFKFG+GFff= =ndaj -----END PGP MESSAGE----- --separator-- Notes: -The lines preceded with "&" is what the signature is calculated over. 3.5.3 Example: PGP/MIME - Encryption Only To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: multipart/encrypted; boundary="separator"; protocol="application/pgp-encrypted" --separator Content-Type: application/pgp-encrypted Version: 1 --separator Content-Type: application/octet-stream -----BEGIN PGP MESSAGE----- Version 2.6.2 &<pgp control information> &Content-Type: Application/<EDI standard>; &Content-Transfer-Encoding: <encoding> & &<EDI object> -----END PGP MESSAGE----- --separator-- Notes: -The text preceded by "&" indicates that it is really encrypted, but presented as text for clarity -"pgp control information" contains the following, but refer to PGP specifications or tool kits for details: -Key ID of recipient's public key -Session key (symmetric) -Timestamp -Key ID of sender's public key -Leading two octets of message digest -Message digest -Filename -Timestamp 3.5.4 Example: PGP/MIME - Signature and Encryption The sequence here is that the EDI data is first signed as a multipart/signature body, and then the data plus the signature is encrypted to form the final multipart/encrypted body. Here goes: To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: multipart/encrypted; boundary="separator"; protocol="application/pgp-encrypted" --separator Content-Type: application/pgp-encrypted Version: 1 --separator Content-Type: application/octet-stream -----BEGIN PGP MESSAGE----- Version 2.6.2 * <pgp control information> * Content-Type: multipart/signed; boundary="signed separator"; * micalg=pgp-<hash symbol>; protocol="application/pgp-signature" * * --signed separator * &Content-Type: Application/<EDI standard> * &Content-Transfer-Encoding: <encoding> * & * &<EDI object> * * --signed separator * Content-Type: application/pgp-signature * * -----BEGIN PGP MESSAGE----- * Version 2.6.2 * * fgfjhHjhJhgljhgJGHGJHGJHJHJhghjhJHJuytIYTiutTYT34553//YRytd * /GIUIUgsIUYgYTRdgggguytUTIUlbXssfdsfdREWrewREWREEWE88POF/DF * frtFFKFG+GFff= * =ndaj * -----END PGP MESSAGE----- * * --signed separator-- -----END PGP MESSAGE----- --separator-- Notes: - The lines preceded with "&" is what the signature is calculated over. - The text preceded by "*" indicates that it is really encrypted, but presented as text for clarity - "pgp control information" contains the following, but refer to PGP specifications or tool kits for details: -Key ID of recipient's public key -Session key (symmetric) -Timestamp -Key ID of sender's public key -Leading two octets of message digest -Message digest -Filename -Timestamp -RFC 2015 allows another way to handle the aboveheaders) ina combined fashion, However, forthepurpose"X-Received-content-MIC" field ofEDI we requiretheabove method, which is based on MIME Security Multiparts [4] RFC 1847. This method performs signature and encryption in a two-step process, first signingsigned MDN. 3). As an acknowledgment that thedata, then encrypting it. This is also consistent with PGP's recommendations. 4. Receipts 4.1 Introduction In order to providereceiving trading partner has authenticated the sender of the EDI Interchange. 4). As a non-repudiation of receipt(NRR) orwhen the signedreceipt, a message disposition notification (MDN) as specified by draft- ietf-receipt-mdn-01MIC calculated over the MDN, isto be implementedsuccessfully decrypted byathe sender with the receiving trading partner'sUA (User Agent). Thepublic key. 5.2 Requesting a signed receipt Message Disposition Notifications are requested as per draft-ietf- receipt-mdn-02.txt, "An Extensible Message Format for Message Disposition Notification". A request that the receiving user agent issue a message disposition notification isthen digitally signed and returned tomade by placing thesending trading partner as part of a multipart/signed content.following header into the message to be sent: mdn-request-header = "Disposition-notification-to" ":" mail-address Therequired support for signed receipts when doing EDI Internetmail-address field is specified asfollows: 1). Create a multipart/report; report-type=disposition-notification. 2). Calculatean RFC 822 user@domain address, and is theMIC onreturn address for the message disposition notification.3). Digitally sign the MIC. 4). CreateIn addition to requesting a message disposition notification, amultipart/signed content with themessage disposition notification that is digitally signed, or what has been referred to asthe first body part, and thea signedMIC calculated onreceipt, can be requested by placing the following in the messagedisposition notification asheader following thesecond body part. 5). Return"Disposition-notification-to" line: Disposition-notification-options = "Disposition-notification-options" ":" disposition-notification-parameters Where disposition-notification-parameters = signed-receipt-protocol=O, <protocol symbol>; The currently supported values for <protocol symbol> are "x-pkcs7-signature", for thesigned receipt toS/MIME detached signature format, or "pgp-signature", for thesending trading partner.pgp signature format. An example of a formatted options line would be as follows: Disposition-notification-options: signed-receipt-protocol=O, x-pkcs7-signature; TheMDNsemantics of the "signed-receipt-protocol" parameter is as follows: 1). The "signed-receipt-protocol" parameter is used tonotify a sending trading partner that sentrequest asigned, orsignedand encrypted EDI Interchange that: 1). The receiving trading partner acknowledgesreceiptoffrom thesent EDI Interchange. 2). The receivingrecipient tradingpartner has authenticated the sender of the EDI Interchange. 3).partner. Thereceiving trading partner has verified the integrity of the received EDI Interchange. Regardless of whether"signed-receipt-protocol" parameter also specifies theEDI Interchange was sentformat inS/MIME or PGP/MIME format, the receiving trading partner's UA must provide the following basic processing: 1). If the sent EDI Interchange is encrypted, thenwhich theencrypted symmetric key and initialization vector (if applicable) is decrypted usingsigned receipt should be returned to thereceiver's private key. 2).requester. Thedecrypted symmetric encryption key is thenMIC algorithm and signature algorithm used in formulating the signed receipt are agreed todecryptin theEDI Interchange. 3). The receivingtrading partnerauthenticates signaturesrelationship. The actual algorithms used ina message usingthesender's public key. The authentication algorithm performssigned receipt are always returned as part of thefollowing: a).signed receipt. 2). Themessage integrity check (MIC or Message Digest) contained within the signature"importance" attribute of "O" isdecrypted using the sender's public key. b). A MIC ondefined in thesigned contents (the MIME headerMDN draft andencoded EDI object, as per RFC1767) inhas themessage received is calculated usingfollowing meaning: Parameters with an importance of "O" permit a UA that does not understand thesame one-way hash function"signed-receipt-protocol" parameter to still generate a MDN in response to a request for a MDN. A UA that does not understand thesending trading partner used. c)."signed-receipt-protocol" parameter, will obviously not return a signed receipt. TheMIC extracted from the signatureimportance of "O" iscompared with the MIC calculated usingused for thesame one-way hash functionsigned receipt parameters because it is desirable that an MDN be returned to thesending trading partner used. 4). The receivingrequesting trading partnerformatseven if the recipient could not sign it. The returned MDNand setswill contain information on thecalculated MIC intodisposition of the message as well as why the MDN could not be signed. See the disposition and extensionfield. 5). The receivingfields in section 5.3 for more information. Within an EDI tradingpartner createsrelationship, if amultipart/signed MIME message according to RFC 1847. 6). The MDNsigned-receipt is expected and is not returned, then thefirst partvalidity of themultipart/signed message, andtransaction is up to thedigital signaturetrading partners to resolve. In general, if a signed-receipt iscreated over this MDN, including its MIME headers. 7). The second part ofrequired in themultipart/signed message containstrading relationship and is not received, thedigital signature.transaction will likely not be considered valid. 5.2.1 Additional Signed Receipt Considerations The"protocol" option specified"rules" stated inthe multipart/signed isSection 2.2.3 for signed receipts are as follows:S/MIME: protocol = "application/pkcs-7-mime" PGP/MIME: protocol = "application/pgp-signature" The EDI Interchange and1). When a receipt is requested, explicitly specifying that theRFC 1767 MIME EDI content header, can actuallyreceipt bepart ofsigned, then the receipt indeed has to be returned with amulti-part MIME content-type.signature. 2). Whenthe EDI Interchange is part ofamulti-part MIME content-type, the MICreceipt iscalculated acrossrequested, explicitly specifying that theentire multi-part content, includingreceipt be signed, but theMIME headers. The multi-part MIME content that containsrecipient cannot support theEDI Interchange isrequested signature format, thenenveloped ineitherPKCS #7a signed orPGP format. Theunsigned receipt should be returned. 3). When a signature is not explicitly requested, or if the signedMDN, when receivedreceipt request parameter is not recognized by thesender of the EDI Interchange canUA, then all bets are off. In this situation, no receipt, an unsigned receipt, or a signed receipt may beusedreturned by thesender: 1). As an acknowledgmentrecipient. NOTE: For Internet EDI, it is recommended that when a signature is not explicitly requested, or if parameters are not recognized, that theEDI Interchange sent,UA send back at a minimum, an unsigned receipt. If a signed receipt however wasdelivered and acknowledged by the receiving trading partner. The receiver does this by returning the original message id of the sent message in thealways returned as a policy, whether requested or not, then any false unsigned receipts can be repudiated. When a request for a signedMDN. 2). Asreceipt is made, but there is anacknowledgment thaterror in processing theintegritycontents of theEDI Interchange was verified by the receiving trading partner.message, a signed receipt should still be returned. Thereceiver does this by returningrequest for a signed receipt should still be honored, though thecalculated MIC oftransaction itself may not be valid. The reason for why thereceived EDI Interchange (and 1767 MIME headers)contents could not be processed should still be set in theX-Received-MIC field"disposition-field". When a request for a signed receipt is made, then the calculation of the "X-Received-content-MIC" should be as follows: - For any signedMDN. 3). As an acknowledgment that the receiving trading partner has authenticatedmessages, thesender ofMIC to be returned is calculated on theEDI Interchange. 4). As a non-repudiation of receipt whenRFC 1767 MIME header and content, or multipart MIME header and content. - For encrypted, unsigned messages, thesignedMIC to be returned is calculatedoveron theMDN, is successfullydecryptedbyRFC 1767 MIME header and content, or multipart MIME header and content. - For unsigned, unencrypted messages, thesender withMIC should be calculated over thereceiver's public key. 4.2 Requesting a signed receipt Message Disposition Notifications are requested as permessage body prior to Content-Transfer-Encoding or Content-Encoding, and without thedraft-ietf- receipt-mdn-01.txt.MIME or any other RFC 822 headers, since these are sometimes altered or reordered by MTAs. Arequestnew extension field that further qualifies thereceiving user agent issue a message disposition notification"disposition-field" ismadedefined byplacing the following header into the message to be sent: mdn-request-header = "Disposition-notification-to" ":" addressthis specification. Theaddressfield "X-Disposition-qualifier-field" is used to convey additional error or status information on the value specifiedas an RFC 822 user@domain address, and isin thereturn address for"disposition-field". Situations arise in EDI where even if a trading partner cannot be authenticated correctly, themessage disposition notification. A notetrading partners still agree toimplementors: this RFC does not precludecontinue processing thesending of a signed receipt wheneverEDIcontenttransactions. Transaction reconciliation isreceived by adone between the tradingpartner. The sending ofpartners at asigned receipt can be madelater time. The "X-Disposition-qualifier-field" allows for qualifying an "autoprocessed-with-warning" disposition value with aconfigurable parameter, and"X-Disposition-qualifier-field" of "authentication-failed" for instance. This use of asigned receipt may be returneddisposition qualifier value would convey in the above example, that even though authentication failed, theoriginal message does not contain a receipt request. 4.3receiving trading partner still processed the received EDI transactions. 5.3 Message Disposition Notification Format The format of a message disposition notification is as specified indraft-ietf-receipt-mdn-01.txt.draft-ietf-receipt-mdn-02.txt. For use inEDI over theInternet EDI the following format will be used: - content-type - perRFC1892RFC 1892 and the ietf-receipt-mdn specification - reporting-ua-field - per ietf-receipt-mdn specification - mdn-gateway-field - per ietf-receipt-mdn specification - original-recipient-field - per ietf-receipt-mdn specification - final-recipient-field - per ietf-receipt-mdn specification - original-message-id-field - per ietf-receipt-mdn specification - disposition-field - for EDI use:* autoprocessed"notprocessed" -when theThe received content(s)are successfullywas not processed. "autoprocessed" - The message has been processed* decryption_failedautomatically in some manner (e.g., printed, faxed, forwarded, gatewayed) in response to some user request made in advance, without being displayed to the user. The user may or may not see the message later. "autoprocessed-with-warning" -whenThe message has been processed automatically in some manner (e.g., printed, faxed, forwarded, gatewayed) in response to some user request made in advance, without being displayed to the user. The user may or may not see the message later. | Additionally, the "disposition-qualifier-field" may be set with a warning description. "decryption-failed" - The receiver could not decrypt thecontents * authentication_failedcontents. "authentication-failed" -when theThe receiver could not authenticate thesender * integrity_check_failedsender. "integrity-check-failed" -when theThe receiver could not verify contentintegrity - extension fieldintegrity. "unexpected-processing-error" - A catch-all for additional processing errors. Note: The "notprocessed" disposition value should be used when the message content is being rejected or ignored, for instance if it is determined that a signed receipt cannot be returned so the UA chooses not to process the message content itself. The "unexpected-processing-error" should be used when an actual error is encountered when processing the message content. 5.3.1 Message Disposition Notification Extension Fields The followingextension field"extension fields" will be added in order to supportsigned-receiptssigned receipts for RFC 1767specifiedMIME content types and multi-partspecifiedMIME content typeswhich includesthat include the RFC 1767 MIME content types. The "extension fields" defined below follow the "disposition-field" in the MDN. The "X-Disposition-qualifier-field" is used to further qualify the value in the "disposition-field". The value of the "X-Disposition-qualifier-field" can be used to further describe the "autoprocessed-with-warning" disposition value, or as further elaboration of any other "disposition-field". This field is optional, and when it is not used, does not appear in the MDN. The values for the "X-Disposition-qualifier-field" are implementation dependent. - extension field = "X-" "Disposition-qualifier-field" ":" value The "X-Received-content-MIC" extension field issent only whenset when the integrity of the received message is verified. The MIC is the hex coded quantity computed over a "body part" with a message digest or hash function. For details of "what" the "X-Received-content-MIC" should be calculated over, see Section 5.2.1. The algorithm used to calculate the "X-Received-content-MIC" value should be the same as the "micalg" value received in the multipart/signed. When no signature is received, then it is recommended that the SHA1 algorithm be used to calculate the "X-Received-content-MIC" value. This field is set only when the contents of the message are processed successfully. This field is used in conjunction with thereceived contents are successfully processed.recipient's signature on the MDN in order for "non-repudiation of receipt" to occur on the sender's side. - extension field = "X-""Received-MIC""Received-content-MIC" ":" MICMIC or message integrity check, is defined aswhere: <MIC> = <hexMicValue> "," <micalg> <hexMicValue> = the result ofa one-way hash function applied tothereceived EDI Interchange and RFC 1767 MIME content type information, orone way hash function, coded as hexadecimal digits. < micalg> = themulti-part MIME content containing RFC 1767 MIME EDI content information. Themicalg value defined in RFC1847, an IANA registered MIC algorithm ID token. The "X-Signed-receipt-disposition" extension field isalso referred to as a message digestset whenusinga request for a signed receipt is made by theMD5 one-way hash function. 4.4sender, but cannot be returned by the receiver. - extension field = "X-" "Signed-receipt-disposition": signed-receipt-disposition where signed-receipt-disposition is: "unsupported-format" - A request for a signed receipt cannot be returned because the requested format is not supported. "unexpected-error" - A catch-all for errors that prevent a signed receipt from being returned when it has been requested. 5.4 Message Disposition Notification Processing4.4.15.4.1 Large File Processing Large EDI Interchanges sent via SMTP can be automatically fragmented by some message transfer agents. A subtype of message, "partial", is defined in RFC15212045 [1] to allow large objects to be delivered as separate pieces of mail and to be automatically reassembled by the receiving user agent. Using message, "partial", can help alleviate fragmentation of large messages by different message transfer agents, but does not completely eliminate the problem. It is still possible that a piece of a partial message, upon re-assembly, may prove to contain a partial message as well. This is allowed by the Internet standards, and it is the responsibility of the user agent to re-assemble the fragmented pieces. It is recommended that the size of the EDI Interchange sent via SMTP be configurable so that if fragmentation does occur, then message, "partial" can be used to send the large EDI Interchange in smaller pieces. RFC15212045 [1] defines the use of Content-Type: message/partial. Support of the message/partial content type for use in Internet EDI is optional. The receiving UA is required to re-assemble the original message before sending the message disposition notification to the original sender of the message. A message disposition notification is used to specify the disposition of the entire message that was sent, and should not be returned by a processing UA until the entire message is received, even if the received message requires re-assembling. In general, EDI content compresses well, since there is repetitive data in most EDI Interchanges. Instead of implementing the message/partial, compression of the EDI Interchange can be done after the signature is applied to the EDI Interchange, and before encryption. When no signature is applied, then compression isapplied before the encryption. Compressionapplied before the encryption. Compression is an alternative solution to implementing Content-Type: message/partial when sending large EDI Interchanges on the Internet. Applying compression before encryption strengthens cryptographic security since repetitious strings are reduced. This sequence of signature, compression, then encryption, or compression then encryption, is consistent with the order in which PGP implementations handle compression. Note: Compression is done automatically when using PGP encryption. The MIME standards [1], do not define a way in which to convey that a message has been compressed. However, RFC 2045 [1] does allow the definition of additional MIME header fields to further describe the content of a message. RFC 2068 [11], the HTTP/1.1 specification does define a Content-Encoding field that is primarily used to convey compression information: Content-Encoding = "Content-Encoding" ":" content-coding where content-coding can take on the values of "gzip" or "compress". The gzip compression standard is furthur described in RFC 1952 [12], and compress isan alternative solution to implementing Content-Type: message/partial when sending large EDI Interchanges ontheInternet. Applyingstandard UNIX file compressionbefore encryption strengthens cryptographic security since repetitious stringsprogram. Both "gzip" and "compress" arereduced. This sequence is consistentregistered with IANA. Trading partners can adopt thePGP sequence as well. 4.4.3use of the Content-Encoding header if they need to compress their EDI data and convey the compression type to their trading partners. 5.4.2 Example The following is an example of a signed receipt returned by a UA after successfully processing a MIME EDI contenttype that was signed.type. The sending trading partner has requested a return signed receipt. This example follows the S/MIME application/x-pkcs-7-signature format. NOTE: This example is provided as an illustration only, and is not considered part of the protocol specification. If an example conflicts with the protocol definitions specified above or in the other referenced RFCs, the example is wrong. To: <recipient email> Subject: From: <sender email> Date: <date> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="separator";micalg=rsa-md5; protocol="application/x-pkcs7-mime"micalg=rsa-sha1; protocol="application/x-pkcs7-signature" --separator &Content-Type: multipart/report; report-type=disposition & notification; boundary = "xxxxx" & &--xxxxx &Content-Type: text/plain &The&The message sent to Edi Recipient <Edi_Recipient@edicorp.com>& has&has been received, the EDI Interchange wassuccesfully & decryptedsuccessfully &decrypted and its integrity was verified. In addition, the& sender&sender of the message, Edi Sender <Edi_Sender@othercorp.com>& was&was authenticated as the originator of the message. There is& no&no guarantee however that the EDI Interchange was& syntactically&syntactically correct, or was received by the EDI& application.&application. & &--xxxxx& Content-Type:&Content-Type: message/disposition-notification && Reporting-UA:&Reporting-UA: good-edi-internet-ua.edicorp.com (ediua 1.0)& Original-Recipient:&Original-Recipient: rfc822; Edi_Recipient@edicorp.com& Final-Recipient:&Final-Recipient: rfc822; Edi_Recipient@edicorp.com& Original-Message-ID:&Original-Message-ID: <17759920005.12345@edicorp.com>& Disposition:&Disposition: autoprocessed& X-Received-MIC: Q2hlY2sgSW50XwdyaXRIQ……&X-Disposition-qualifier-field: none &X-Received-content-MIC: Q2hlY2sgSW50XwdyaXRIQ, rsa-sha1 & &--xxxxx& Content-Type:&Content-Type: message/rfc822 & &To: <recipient email> &Subject: & & [additional header fields go here] & &--xxxxx-- --separator Content-Type:application/x-pkcs7-mimeapplication/x-pkcs7-signature Content-Transfer-Encoding: base64 @ContentType = SignedData @version = Version @digestAlgorithms = DigestAlgorithmIdentifiers@contentType = Data @content = fgfjhHjhJhgljhgJGHGJHGJHJHJhghjhJHJuytIYTiutTYT34553//YRytdhfFFQere /876JHJHGIUIUgsdIUYgYTRdgggguytUTIUlbXssfdsfdREWrewREWREEWE88POF/DF frtFFKFG+GFff= =ndaj@signerInfos = SignerInfo --separator-- Notes: -The linespreceededpreceded with "&" is what the signature is calculated over. -The textpreceededpreceded by "@" indicates PKCS#7 defined fields and types.(See PKCS#7:Cryptographic(For details on how to prepare the multipart/signed with protocol = "application/x-pkcs7-signature" see the "S/MIME MessageSyntax Standard from RSA Labs, Inc.)Specification, PKCS Security Services for MIME" documentation.) Note: As specified by RFC1892,1892 [10], returning the original or portions of the original message in the third body part of the multipart/report is notnecessary.required. This is an optional body part. It is recommended that the received headers from the original message be placed in the third body part, as it can be helpful in tracking problems.5.Also note that the textual first body part of the multipart/report can be used to include a more detailed explanation of the error conditions reported by the disposition headers. The first body part of the multipart/report when used in this way, allows a person to better diagnose a problem in detail. 6. Public key certificate handling5.16.1 Near term approach In the near term, the exchange of public keys andcertificaitioncertification of these keys must be handled as part of the process of establishing a trading partnership. The UA and/or EDI application interface must maintain a database of public keys used for encryption or signatures, in addition to the mapping between EDI trading partner ID andRFC822RFC 822 [3] email address. The procedures for establishing a trading partnership and configuring the secure EDI messaging system might vary among trading partners and software packages. For systems which make use of X.509 certificates, it is recommended that trading partners self-certify each other if an agreed upon certification authority is not used. It is highly recommended that when trading partners are using S/MIME, that they also exchange public key certificates using the recommendations specified in the S/MIME Implementation Guide Version 2. The message formats and S/MIME conformance requirements for certificate exchange are specified in this document. This applicability statement does NOT require the use of a certification authority.5.26.2 Long term approach In the long term, additional Internet-EDI standards may be developed to simplify the process of establishing a trading partnership, including the third party authentication of trading partners, as well as attributes of the trading relationship.6.7. Authors' Addresses Mats Jansson mjansson@agathon.com LiNK1026 Wilmington Way2317 Broadway, Suite 330 Redwood City, CA9406294063 USA Chuck Shih chucks@actracorp.com Actra Corp. 610 East Caribbean Drive Sunnyvale, CA 94089 USANancy Turaj nturaj@.mitre.org MITRE Corporation Mailstop: W657 1820 Dolley Madison Blvd. McLean, VA 22102-3481 USARik Drummond drummond@onramp.com The Drummond Group 5008 Bentwood Ct. Ft. Worth, TX 76132 USA7.8. References [1] N. Borenstein, N.Freed,"MIME (Multipurpose"Multipurpose Internet MailExtensions)Extensions (MIME) Part One:Mechanisms for Specifying and Describing theFormat of Internet Message Bodies", RFC1521, September 23, 1993.2045, December 02, 1996. N. Borenstein, N.Freed, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, December 02, 1996. N. Borenstein, N.Freed, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049 , December 02, 1996. [2] D. Crocker, "MIME Encapsulation of EDI Objects", RFC 1767, March 2, 1995. [3] D. Crocker, "Standard for the Format of ARPA Internet Text Messages", STD 11, RFC 822, August 13, 1982. [4] M. Elkins, "MIME Security With Pretty Good Privacy (PGP)", RFC 2015, Sept. 1996. [5] R. Fajman, "An Extensible Message Format for Message Disposition Notifications", draft-ietf-receipt-mdn-01.txt, May 13, 1996. [6] J. Galvin, S. Murphy, S. Crocker, N. Freed, "Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted", RFC 1847, Oct.3,19953, 1995 [7] J. Postel, "Simple Mail Transfer Protocol", STD 10, RFC 821, August 1, 1982. [8] S. Dusse, "S/MIME Message Specification; PKCS Security Services for MIME", Internet draft: draft-dusse-mime-msg-spec 00.txt [9] C. Shih, "Requirements for Inter-operable Internet EDI", July 1996. [10] G. Vaudreuil, "The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages", RFC 1892, January 15, 1996. [11] R. Fielding, J.Gettys, J. Mogul, H. Frystyk, T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, January 1997. [12] L. Deutsch, "GZIP File Format Specification Version 4.3", RFC 1952, May 23, 1996. ----