view Side-By-Side changes
EDIINT Working Group Dale Moberg Internet draftDick Brooks Expires: November 2002Rik DrummondDavid Fischer May 2002Expires: July 2003 January 2003 HTTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internetdraft-ietf-ediint-as2-11.txtdraft-ietf-ediint-as2-12.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, orobsoletedobsolete by other documents at any time. It is inappropriate to useInternet DraftsInternet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.To view the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in an Internet- Drafts Shadow Directory, see http://www.ietf.org/shadow.html.Any questions, comments, and reports of defects or ambiguities in this specification may be sent to the mailing list for the EDIINT working group of the IETF, using the address <ietf-ediint@imc.org>. Requests to subscribe to the mailing list should be addressed to <ietf-ediint-request@imc.org>. Copyright Notice Copyright (c) The Internet Society (2002). All rights reserved. NOTE FROM WG LEADER: This draft has been extensively rewritten from draft-ietf-ediint-as2-11.txt to enhance clarity. The previous draft attempted to combine two means of accomplishing the objectives which made the draft very clumbersom and greatly contributed to the lack of clarity. This draft extends the AS1 functionality to HTTP, drops PGP and gib?? In the event that gib?? is still required as and ietf standard i recommend we do it as AS3. Moberg, Drummond, [page 1] HTTP Transport for Secure EDI Jan 2003 Abstract This document describes how to exchange structured business data securely using HTTPtransporttransfer for XML, Binary, Electronic Data Interchange, (EDI - either the American Standards Committee X12 or UN/EDIFACT, Electronic Data Interchange for Administration, Commerce andTransport), XMLTransport) or other data describable in MIME used for business to business data interchange. The data is packaged using standard MIME content-types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME)or OpenPGPsecurity body parts. Authenticated acknowledgements make use of multipart/signedreplies to the HTTP POST requests. This document extendsrepliesto theprocedures and payload packaging options of AS1 in the following ways: HTTPS may be used to obtain data, privacy both synchronous and asynchronous reply procedures are, described multipart/form-data packaging may be used, a generalized Moberg, Brooks, Drummond, Fischer [page 1]original HTTPTransport for Secure EDI May 2002 multipart/report format is added to the MDN format of AS1, replies may include a multipart/mixed payload that contains both the acknowledgement and an additional EDI payload. This document is intended to be read in conjunction with AS1 and the referenced RFCs defining the MIME and cryptographic packaging that are used to obtain secure, authenticated, and acknowledged transport.message. Feedback Instructions: NOTE TO RFC EDITOR: This section should be removed by the RFC editor prior to publication. If you want to provide feedback on this draft, follow these guidelines:- Send-Send feedback via e-mail to the ietf-ediint list for discussion, with "AS#2" in the Subject field. Toenter/followenter or follow the discussion, you need to subscribeatto ietf-ediint@imc.org.- Be-Be specific as to what section you are referring to, preferably quoting the portion that needs modification, after which you state your comments.- If-If you are recommending some text to be replaced with your suggested text, again, quote the section to be replaced, and be clear on the section in question. Table of Contents 1. Introduction1.1 Purpose and relation to previous work 1.2 Overall operation2.Stages and Details of HTTP Transmission and AcknowledgmentOverview 2.1Requesting Receipts 2.1.1 Requesting MDN-based receipts 2.1.2 Requesting Generalized receipts 2.1.2.1 Additional Commonly Used Headers 2.1.3 Summary Remarks on Receipt request optionsOverall operations 2.2SendingPurpose of a security guideline for MIME EDIin HTTP POST Requests2.3Using Transport Layer SecurityDefinitions 2.4Response Status Codes in Replies 2.5 Receipt Reply 2.5.1 MDN Receipts and Signed MDN Receipts 2.5.2 Generalized Receipts and Signed Receipts 2.6 Additional Reply Content 2.7 Non-Repudiation of the POST Reply 2.8 Error RecoveryAssumptions 2.4.1 EDI process assumptions 2.4.2 Flexibility assumptions 3.Other differences between HTTP and SMTP based transportReferenced RFCs 3.1Unused MIME headers and operations 3.1.1 Content-Transfer-Encoding not usedRFC 2616 HTTP v1.1 Moberg,Brooks,Drummond,Fischer[page 2] HTTP Transport for Secure EDIMay 2002 3.1.2Jan 2003 3.2 RFC 1847 MIME Security Multiparts 3.3 RFC 1892 Multipart/report 3.4 RFC 1767 EDI Content 3.5 RFC 2045, 2046, 2049 MIME 3.6 RFC 2298 Message Disposition Notification 3.7 RFC 2633, 2630 S/MIME Version 3 Message Specifications 3.8 RFC 2376 XML Media Types 4. Structure of an AS2 message 4.1 Introduction 4.2 Structure of EDI MIME message 5. HTTP Considerations 5.1 Sending EDI in HTTP Post Requests 5.2 Unused MIME headers and operations 5.2.1 Content-Transfer-Encoding not used 5.2.2 Epilogue must be empty3.1.35.2.3 Lengthy message bodies3.2 Differences in5.3 Modification of MIME or other headers or parameters used3.2.15.3.1 Content-Length3.2.25.3.2 Final Recipient and Original Recipient3.2.35.3.3 Message-Id and Original-Message-Id3.2.45.3.4 Hostheader 4. Additional AS2 specificHeader 5.4 HTTPheaders 4.1Response Status Codes 5.5 HTTP Error Recovery 6. AS2 Headers 6.1 AS2 Version Header4.26.2 AS2 System Identifiers4.2.1 Unrecognized System Identifiers A. AS2 MIME templates. B. Using AS2 Extensions in the GISB Protocol C. Samples7. Structure and Processing ofAS2 Protocol Data Units D. Acknowledgments E. References F.an MDN Message 7.1 Introduction 7.2 Synchronous and Asynchronous MDNs 7.3 Requesting a signed receipt 7.3.1 Signed receipt considerations 7.4 MDN Format 7.4.1 AS2-MDN General Formats 7.4.2 AS2-MDN Construction 7.4.3 AS2-MDN Fields 7.4.4 Additional AS2-MDN Programming Notes 7.5 Disposition Mode, Type, and Modifier 7.5.1 Disposition Mode Overview 7.5.2 Successful Processing Status Indications 7.5.3 Unsuccessful Processed Content 7.5.4 Unsuccessful Non-Content Processing 7.5.5 Processing Warnings 7.5.6 Backwards Compatibility with Disposition Type, Modifier, and Extension 7.6 Receipt Reply Considerations in a HTTP Post 8. Public key certificate handling 9. Security ConsiderationsG.10. Acknowledgements 11. References 12. Authors' Addresses Appendix A. Message Examples B. IANA Registration Form Moberg, Drummond [page 3] HTTP Transport for Secure EDI Jan 2003 1. Introduction1.1 Purpose and relation to previous work EarlyPrevious work on Internet EDI focused on specifying MIME content types for EDI data[MIMEEDI] The functional requirements[2] and extending this work to support secure EC/EDI transport over SMTP [4]. This document, "Requirements for Interoperable Internet EDI," [EDIINT] provides extensive informationexpands onEDIRFC 1767 to specify a comprehensive set of data securityand the business and user processes that can benefit from the usefeatures, specifically data privacy, dataintegrity/authenticity, non-repudiation ofEDI security. In addition, MIME structures appropriate for SMTP transport of the packaged EDI data are specified in ([AS1] "MIME-based Secure EDI") as well as the details needed to support signed receipts as acknowledgments. The framework of [AS1] shows how to implement the security features--specifically data privacy, data integrity/authenticity, non-repudiation of origin and non-repudiationorigin and non-repudiation of receipt--found to be requirements for secure EDI. In this document, it is assumed that the reader is familiar with the SMTP/MIME transport document, the requirements document, and the RFCs applied or referenced in those documents.over HTTP. Thisdraft, like the SMTP/MIME transport document, builds on previousdocument also recognizes contemporary RFCs and is attempting to "re-invent" as little as possible.The goalWhile this document focuses on EDI data, any other data type describable in a MIME format are also supported. Internet MIME based EDI can be accomplished by using and complying with the following RFC's : * -RFC 2616 Hyper Text Transfer Protocol * -RFC 1767 EDI Content Type * -RFC 2376 XML Media Types * -RFC 1847 Security Multiparts for MIME * -RFC 1892 Multipart/Report * -RFC 2045 to 2049 MIME RFC's * -RFC 2298 Message Disposition Notification * -RFC 2630, 2633 S/MIME v3 Specification Our intent here is tospecifydefine clearly and precisely howpreviously specified MIME messaging structuresthese are used together, andoperations canwhat is required by user agents to beadapted for usecompliant with this document. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. 2. Overview 2.1 Overall Operations A HTTPserversPOST operation [3] is used to send appropriately packaged EDI, XML, or other business data. The Request-URI ([3], section 9.5) identifies a process to unpack and handle the message data andclientstoobtaingenerate a reply for the client that contains a message disposition acknowledgement or a multipart/report, signed or unsigned, and possibly other turnaround transactions. This request/reply transactional interchange provides secure, reliable, andacknowledgedauthenticated transport for EDIandor other businessdata. The applicability statement, [AS1] "MIME-based Secure EDI," Moberg, Brooks, Drummond, Fischer [page 3] HTTP Transport for Secure EDI May 2002 explained the basic EDI transactiondata usingthe conceptHTTP. The security protocols and structures used also support auditable records of these transmissions, acknowledgements, and authentication. 2.2 Purpose of a"secure transmission loop"security guideline forEDI. This loop involves one organization sending a signed and encryptedMIME EDIinterchangeThe purpose of these specifications is toanother organization, requesting a signed receipt, followed byensure interoperability between B2B Electronic Commerce user agents, invoking some or all of thereceiving organization sending this signed receipt backcommonly expected security features. This document is also NOT limited tothe sending organization. The transmission therefore involves the following stages: 1. The organization sendingstrict EDI use, but applies to any electronic commerce application where business dataencryptsneeds to be exchanged over thedata and providesInternet in adigital signature, usingsecure manner. 2.3 Definitions 2.3.1. Terms * EDI - Electronic Data Interchange * EC - Business to Business Electronic Commerce * B2B - Business to Business * Receipt - The functional message that is sent from a receiver to a Moberg, Drummond, [page 4] HTTP Transport for Secure EDI Jan 2003 sender to acknowledge receipt of an EDI/EC interchange. This message may be eitherPGP/MIMEsynchronous orS/MIME. In addition, they requestasynchronous in nature. * Signed Receipt - A receipt with asigned receipt. 2. The receiving organization decryptsdigital signature. * Synchronous Receipt - A receipt returned to themessage and verifiessender during thesignature, resulting in verified integrity ofsame HTTP session as thedata and authenticity ofsender's original message * Asynchronous Receipt - A receipt returned to thesender. 3.sender on a different communication session than the sender's original message session * Message Disposition Notification (MDN) - Thereceiving organization then sendsInternet messaging format used to convey asigned receipt usingreceipt. This term is used interchangeably with receipt. A MDN is asignature over the hashreceipt. * Non-repudiation of receipt (NRR) - NRR is amessage disposition notification, which contains a hash"legal event" that occurs when the original sender of an EDI/EC interchange has verified thereceived message.signed receipt coming back from the receiver. NRR IS NOT a functional or a technical message. * S/MIME - A format and protocol for adding Cryptographic signature and/or encryption services to Internet MIME messages. * SHA-1 - A secure, one-way hash algorithm used in conjunction with digital signature. This is the recommend algorithm for AS2 * MD5 - A secure, one-way hash algorithm used in conjunction with digital signature. This algorithm is accepted in AS2 but not recommended due to its short key length * MIC - Theabove stages describemessage integrity check (MIC), also called thefunctionalitymessage digest, is the digest output of the hash algorithm used by the digital signature. The digital signature is computed over the MIC. * User Agent (UA) - The application thatwould satisfy allhandles and processes the AS2 request 2.3.2 The secure transmission loop This document's focus is on the formats and protocols for exchanging EDI/EC content that has had securityrequirements. Applications are expected to be able to provide full functionality, though users may agreeapplied toexchange datait usingonlythe Internet's HTTP environment. The "secure transmission loop" for EDI/EC involves one organization sending arestricted subset of functionality. For example, businesses may agree to sendsigneddata using TLS,andonly requestencrypted EDI/EC interchange to another organization, requesting asimple, unsigned receipt. Implementations are expectedsigned receipt, followed later by the receiving organization sending this signed receipt back tobe configurable so that they may support business community agreements that use subsets ofthefull functionality.sending organization. Inthis document,other words, thegoal is to make use of HTTP instead of SMTP as a transport protocol,following transpires: * -The organization sending EDI/EC data signs andmakeencrypts thechanges that are needed to adapt to protocol packaging differences.data using S/MIME. Ineither transport case, the body ofaddition, the messageiswill request aMIME structure, using MIME headers ("content-type" and other "content-X" tags)signed receipt to be returned toconvey information aboutthedata being transported. Also, one primary usesender ofSMTP RFC 822 headers within SMTP based transport of secure EDI has been to enable requests for acknowledgements and to specify options for signatures over acknowledgements (asymmetric encryption and cryptographic hash algorithm preferences). One way to convey this information withintheHTTP transport context is to use either HTTP entity-headers or extension-headers [11, section 7.1] that havemessage. * -The receiving organization decrypts thesyntax of SMTP headers. Onlymessage and verifies the"From" header is overloaded by possibly different usagessignature, resulting in verified integrity of theSMTPdata andHTTP contexts. The "From" header normally contains machine-usable email addresses as defined in [SMTPMSG]. Theauthenticity of the sender. Moberg,Brooks,Drummond,Fischer[page4]5] HTTP Transport for Secure EDIMay 2002 usage ofJan 2003 * -The receiving organization then returns a signed receipt, as requested either synchronous or asynchronous, to the"From" headersending organization in[HTTP] section 14.22 is to providetheemail addressform ofan administrative contact fora message disposition notification. This signed receipt will contain theHTTP client. The functionhash of the"From" header insignature from theSMTP context of secure EDI transport has beenreceived message, indicating tosupply a value used in constructingtheMDN style receipt. Butsender that theMDNreceived message was verified and/or decrypted properly. The above describes functionality which, if implemented, will satisfy all security requirements and implement non-repudiation of receipthas been found to be too restrictiveforsome commercial EDI transport scenarios [GISB]. So alternative receipt mechanisms will be provided that, among other things, will remove any conflicts arising from trying to reusetheSMTP-MDN roles of "From" withinexchange. This specification, however, leaves full flexibility for users to decide thecontext of HTTP reserved usage of "FROM". Also, it is currently difficultdegree tomake usewhich they want to deploy those security features with their trading partners. 2.3.3 Definition ofHTML [HTML]receipts The term used for both the functional activity andsimple scripting to send HTTP entity-headers as partthe message for acknowledging delivery of an EDI/EC interchange is receipt or signed receipt. The term is used if theHTML FORM tag construct. For HTML-based POST situations [GISB], itacknowledgment isuseful to specify ways to convey 'metadata' neededforthe secure transmission loop that do not make use of HTTP headers. One way to specify this data is by using the MIME multipart/form-data packaging specifiedan interchange resulting in[FORMDATA]. For SMTP transport, the receipt and signeda receiptfunctions are implemented using Message Disposition Notifications [MDN] and Multipart/signed Message Disposition Notifications [AS1]. For HTTP transport, generalization of the Message Disposition Notificationwhich isuseful.NOT signed. TheMDN is a special kind of multipart/report [REPORT]. For MDNS, specializationsecond term isachieved by assigningused if the"report-type" parameteracknowledgment is for an interchange resulting inthe content-type header the special value, "disposition-notification" and by having the second body part (the "machine-readable" body part) have the MIME content-type, "message/disposition-notification". To generalizeaMDN, all that is neededreceipt which IS signed. A term often used in combination with receipts is non-repudiation of receipt. NRR refers toremovea legal event which occurs only when therestrictions that makeoriginal sender of an interchange has verified theunderlying multipart/report into a MDN. In other words,signed receipt coming back from recipient of the"report-type" parameter [REPORT, section 1]message. Note that NRR isgiven a new valuenot possible without signatures. For information on how to format andthe second body part is changedprocess receipts in AS2, refer to section 7. 2.4 Assumptions 2.4.1 EDI/EC process assumptions -Encrypted object is an EDI/EC Interchange This specification assumes that acontent-type other than "message/disposition- notification". Acknowledgements defined by these changestypical EDI/EC interchange is the lowest level object that will bereferredsubject toas "generalized receipts. Each receipt ofsecurity services. Specifically, in EDI ANSI X12, thiskind will have its own specific report-type parametermeans anything between, andits own specifications forincluding segments ISA and IEA. In EDIFACT, this means anything between, and including, segments UNA/UNB and UNZ. In other words, thesyntaxEDI/EC interchanges including envelope segments remain intact andsemantics ofunreadable during secure transport. -EDI envelope headers are encrypted Congruent with theautomated response body part. Implementationsabove statement, EDI envelope headers areencouragedNOT visible in the MIME package. In order tobe ableoptimize routing from existing commercial EDI networks (called Value Added Networks or VANs) toregister new report-type handlers using only configuration changes (not recompiling) that specify how to process new report- type values. Nothing else needsthe Internet, work may need to bechangeddone in the future toconstruct reply acknowledgements that aredefine ways to pull out some of the envelope information to make them visible; however, this specification does notrestricted bygo into any detail on this. -X12.58 and UN/EDIFACT security considerations The most common EDI standards bodies, ANSI X12 and EDIFACT, have defined internal provisions for security. X12.58 is thesemanticssecurity mechanism for ANSI X12 and AUTACK provides security for EDIFACT. This specification DOES NOT dictate use or non-use ofMDNs. Specifically, a signed reply will still be constructed by using a multipart/signed package to wrap up generalized receiptsthese security standards. They are both fully compatible, though possibly redundant, withtheir signatures. Finally, withinthis specification. 2.4.2 Flexibility assumptions -Encrypted or un-encrypted data This specification allows for EDI/EC message exchange where theHTTP transport context, it is useful to makeMoberg,Brooks,Drummond,Fischer[page5]6] HTTP Transport for Secure EDIMay 2002 use of Transport Layer Security [TLS] to provide privacy. CompressionJan 2003 EDI/EC data can either beprovided using HTTP content-codings [HTTP], sections 3.5, 14.3, 14.12]. (Content codings are not to be confused with the MIME concept of content transfer encodings.) A variety of other minor differences (for example, absenceun-protected or protected by means ofcontent-transfer-encoding) are noted below and summarized in the concluding section. 1.2 Overall operation A HTTP POST operation [HTTP] is used to send appropriately packaged EDI, XML,encryption. -Signed orother business data. The Request-URI ([HTTP],section 9.5) identifies a process to unpack and handle the messageunsigned dataand to generate a replyThis specification allows forthe client that contains aEDI/EC messagedisposition acknowledgementexchange with ora multipart/ report, signedwithout digital signature of the original EDI transmission. -Use of receipt orunsigned, and possibly other turnaround transactions.not Thisrequest/reply transactional interchange provides secure, reliable, and authenticated transportspecification allows forEDIEDI/EC message transmission with orother business data using HTTP;without a request for receipt notification. If a signed receipt notification is requested however, a MIC value is REQUIRED as part of thesecurity protocols and structures used also support auditable records of these transmissions, acknowledgements, and authentication. 2. Stages and Details of HTTP Transmission and Acknowledgment A data file or stream is first structured into one of the message templates describedreturned receipt, unless an error condition occurs in[AS1], sections 4.2.1 to 4.2.4which a MIC value cannot be returned. In error cases, an unsigned receipt or4.3.1 to 4.3.4 for PGP/MIMEMDN SHOULD be returned with the correct "disposition modifier" error value. -Use of synchronous orS/MIME security. Inasynchronous receipts This specification allows in addition to a receipt request thecontent-typesspecification of the type of[MIMEEDI], applicationsreceipt that should beprepared for handling other content-types usedreturned. It supports synchronous or asynchronous receipts inbusiness to business transactions, such as those for XML [MIME-TYPES]. For convenience, these message templates, adapted fortheHTTP transport context, are providedMDN format specified inAppendix A. If TLS is to be used,section 7 of this document. -Security Formatting This specification relies on thetypical packaging will be that describedguidelines set forth insections 4.2.2 or 4.3.2; that is, a multipart/signed message will be created with no encryptionRFC 2633/2630 [8] "S/MIME Version 3 Message Specification; Cryptographic Message Syntax". S/MIME as defined inthe message. Otherwise, if privacy is desired,this Applicability statement. -Hash function, messagetemplates 4.2.4 or 4.3.4 are used. Content transfer encoding is not used anddigest choices When acontent-length fieldsignature isto be provided. If HTML-based POSTused, it isused (using the METHOD=POST attribute within the "FORM" tag) [HTML, 17 Forms], thenRECOMMENDED that themessage payload willSHA1 hash algorithm bepackaged in the input-data element of a multipart/form- data. The metadata neededused forapplication layer routing, identification, requesting a replyall utgoing messages, andother transaction operations canthat both MD5 and SHA1 bepackaged in message body parts in the multipart/form-data. The labelssupported for incoming messages. -Permutation Summary In summary, themetadata valuesfollowing twelve security permutations arefoundpossible in any given trading relationship: 1. Sender sends un-encrypted data, does NOT request a receipt. 2. Sender sends un-encrypted data, requests an unsigned receipt. The receiver sends back the"name" parameter of the Content-Disposition header in each form-data part as discussed in [FORMDATA, section 3].unsigned receipt. 3. Sender sends un-encrypted data, requests a signed receipt. The receiver sends back the signed receipt. 4. Sender sends encrypted data, does NOT request a receipt. 5. Sender sends encrypted data, requests an unsigned receipt. The receiver sends back the unsigned receipt. 6. Sender sends encrypted data, requests a signed. The receiver sends back the signed receipt. 7. Sender sends signed data, does NOT request a signed or unsigned receipt. 8. Sender sends signed data, requests an unsigned receipt. Receiver sends back the unsigned receipt. 9. Sender sends signed data, requests a signed receipt. Receiver sends back the signed receipt. Moberg,Brooks,Drummond,Fischer[page6]7] HTTP Transport for Secure EDIMay 2002 In general, both HTTP serversJan 2003 10. Sender sends encrypted andHTTP clients handling the message templates of [AS1] should be prepared to process these basic EDIINT data formats when they are embedded within MIME multiparts. In addition to the envelopingsigned data, does NOT request a signed or unsigned receipt. 11. Sender sends encrypted andMIME media type options defined in sections 4.2.xsigned data, requests an unsigned receipt. Receiver sends back the unsigned receipt. 12. Sender sends encrypted and4.3.xsigned data, requests a signed receipt. Receiver sends back the signed receipt. NOTE: Users can choose any of"MIME-based Secure Peer-to-Peer Business Data Interchange overtheInternet" [AS1], this specification enablestwelve possibilities, but only thetransport of payload objects containing other MIME media types. Implementors are to followlast example (12), when a signed receipt is requested, offers theappropriate specifications identified under "References"whole suite of security features described in[MIME-TYPES], forthetype of object being transmitted. For example, to send an XML object,"Secure transmission loop" above. Additionally, theMIME media type of application/xml is usedreceipts discussed above may be either synchronous or asynchronous in nature depending on theContent-type MIME header andtype requested. The use of either thespecifications for envelopingsynchronous or asynchronous receipts does not change theobject are contained in [XMLTYPES]; for example: Content-type: application/xml; charset="utf-8" Manynature of thespecifications referenced by [MIME-TYPES] were designed for SMTP transports. Implementors are advised to make appropriate adjustments for HTTP transport as indicated"Secure transmission loop" insection 3support ofthis document. Finally, several industry groups currently makeNRR. 3. Referenced RFC's and their contribution 3.1 RFC 2616 HTTP v1.1 [3] This document specifies how data is transferred using HTTP. 3.2 RFC 1847 MIME Security Multiparts [6] This document defines security multipart for MIME: multipart/encrypted and multipart/signed. 3.3 RFC 1892 Multipart/report [9] This RFC defines the use of"encapsulated"(or opaque) signatures within encrypted or signed objects. Encapsulated signatures should be supported in order to accommodate these existing practices. Objects containing encapsulated signatures must be prepared according tothespecifications contained in section 3.4.2 of [SMIMEV2] or, inmultipart/report content type, something that thecaseMDN RFC 2298 builds upon. 3.4 RFC 1767 EDI Content [2] This RFC defines the use ofPGP, according tocontent type "application" for ANSI X12 (application/EDI-X12), EDIFACT (application/EDIFACT) and mutually defined EDI (application/EDI-Consent). 3.5 RFC 2045, 2046, and 2049 MIME [1] These are thespecifications contained in section 6.2basic MIME standards, upon which all MIME related RFCs build, including this one. Key contributions include definition of"MIME Security with Pretty Good Privacy (PGP)" [MIMEPGP]"content type", "sub-type" and"OpenPGP"multipart", as well as encoding guidelines, which establishes 7-bit US-ASCII as the canonical character set to be used in Internet messaging. 3.6 RFC 2298 MessageFormat" [RFC2440]. 2.1 Requesting Receipts 2.1.1 Requesting MDN-based receipts For requestingDisposition Notification [5] This Internet RFC defines how a MDNbased receipts, the originator supplies metadata usingis requested, and the format and syntax ofextension headers (the [SMTPMSG] header syntax) that precedethemessage body.MDN. Theheader "tags" are as follows: A Disposition-Notification-To header is added to indicate that a message disposition notificationMDN isrequested inthereply to the POST request. This header is specified in [MDN]. It may have values other than email addresses, such as a D-U-N-S number, when it is found as a name parameterbasis upon which receipts and signed receipts are defined ina form-data body part Whenthistag is used in HTTP extension headers, it follows the MDN usage. A Message-ID header is added to support message reconciliation, so that an Original-Message-Id value can be returned inspecification. 3.7 RFC 2633 and 2630 S/MIME Version 3 Message Specifications [8] This specification describes how MIME shall carry Cryptographic Message Syntax (CMS) Objects. 3.8 RFC 2376 XML Media Types [12] This RFC defines theMDNuse of content type "application" for XML (application/xml). Moberg,Brooks,Drummond,Fischer[page7]8] HTTP Transport for Secure EDIMay 2002 body partJan 2003 4. Structure ofthe receipt. (The term "Receipts" is here used to refer to the signed or unsigned multipart/report content.) Both "From" and "To" extension headers SHOULD be supplied.an AS2 message 4.1 Introduction The"From" value needs to havebasic structure of anemail address as specifiedAS2 messages consists of MIME format inside an HTTP message with a few additional specific AS2 headers. The structures below are described hierarchically in[SMTPMSG] and [HTTP]. If other usesterms of"From"which RFC's areneeded, the generalized receiptsapplied tobe next discussed should be used. Thereform therolespecific structure. For details of"From" is replaced by symbols not having a reserved HTTP or SMTP usage. Other headers, especially "Subject" and "Date", should be supplied;how to code in compliance with all RFC's involved, turn directly to thevalues of these headersRFC's referenced. Any difference between AS2 implantations and RFCs areoftenmentioned specifically in thehuman-readable sectionsections below. 4.2 Structure ofaan Internet EDI MIME message No encryption, no signature -RFC2616/2045 -RFC1767/RFC2376 (application/EDIxxxx or /xml) No encryption, signature -RFC2616/2045 -RFC1847 (multipart/signed) -RFC1767/RFC2376 (application/EDIxxxx or /xml) -RFC2633 (application/pkcs7-signature) Encryption, no signature -RFC2616/2045 -RFC2633 (application/pkcs7-mime) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) Encryption, signature -RFC2616/2045 -RFC2633 (application/pkcs7-mime) -RFC1847 (multipart/signed)(encrypted) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) -RFC2633 (application/pkcs7-signature)(encrypted) MDN over HTTP, no signature -RFC2616/2045 -RFC2298 (message/disposition-notification) MDN over HTTP, signature -RFC2616/2045 -RFC1847 (multipart/signed) -RFC2298 (message/disposition-notification) -RFC2633 (application/pkcs7-signature) MDN over SMTP, no signature MDN over SMTP, signature Refer toaid in identifyingtheoriginal message. A Disposition-Notification-Options header is used to request a signed message disposition notification.EDI over SMTP standard [4]. While all MIME content types SHOULD be supported. Theparameters used to select protocolsfollowing MIME content types MUST be supported: Content-type: multipart/signed Content-Type: multipart/report Content-type: message/disposition-notification Content-Type: application/PKCS7-signature Content-Type: application/PKCS7-mime Content-Type: application/EDI-X12 Content-Type: application/EDIFACT Moberg, Drummond, [page 9] HTTP Transport forsigned message disposition notification are foundSecure EDI Jan 2003 Content-Type: application/edi-consent Content-Type: application/XML 5. HTTP Considerations 5.1 Sending EDI in[AS1]. Disposition-Notification-To is a name that, if present, indicates thatHTTP Post Requests The request line will have theMDN style of receipt is to be used. Disposition-notification-options identifies characteristics of message disposition notification in accordanceform: "POST Request-URI HTTP/1.1", with[AS1]spaces and[MDN]. A Receipt-delivery-option isfollowed by aheader whose valueCRLF. The Request-URI is typically exchanged out of band, as part of setting up aURL that indicates how the receipt is tobilateral trading partner agreement. Applications should bedelivered. This header is only used within AS2. The default mode of operation is synchronous within HTTP transport, which means that the receipt (be it MDN, signed MDN, generalized report receipt, or signed report receipt) is returned in the reply body. By using the "receipt-delivery-option,"prepared to deal with anasynchronousinitial replymode can be requested. The values for this option are URLs that indicate the destination for the reply, and may use any appropriate protocol ("mailto", "http", and "https" will be the more common types)containing a status indicating a need forthis information. If this header/metadata is absent, then the modeauthentication ofoperation is synchronous, which means that the receipt is returned inthereplyusual types used for authorizing access to thecurrent HTTP request. 2.1.2 Requesting Generalized Receipts In this section, the ways toRequest-URI ([3], section 10.4.2 and elsewhere). The requestgeneralized receipts are specified. Generalized receipts are multipart/reports with a report-type other than "disposition-notification,"line is followed by entity headers specifying content length ([3] section 14.14) anda second automated response with acontent typeother than "message/disposition-notification". For requesting generalized receipts using the MIME template for multipart/reports [REPORTS], the following metadata elements will be useful. A specific example of a generalized receipt Moberg, Brooks, Drummond, Fischer [page 8] HTTP Transport for Secure EDI May 2002 with report-type "GISB-Acknowledgement-Receipt" will be presented in appendix B.([3], section 14.18). The Host request header ([3] sections 9 and 14.23) is also included. When using Transport Layer Security [10], theterm "metadata" is used inrequest-URI should indicate thefollowing,appropriate scheme value, HTTPS. Usually only a multipart/signed message body would be sent using TLS, as encrypted message bodies would be redundant. Encrypted message bodies are not prohibited, however. The receiving AS2 system MAY disconnect from theterm indicatessending AS2 system before completing theinformation may be supplied in onereception oftwo ways: First,themetadata information may be supplied usingentire entity if it determines thesyntax ofentity being sent is too large to process. For HTTPheaders. That is,version 1.1, TCP persistent connections are thesymbol name is followed by a colondefault, ([3] sections 8.1.2, 8.2, andits value follows; the header19.7.1). A number of other differences exist because HTTP does not conform to MIME [1] as used in SMTP transport. Relevant differences are summarized below. 5.2 Unused MIME headers and operations 5.2.1 Content-Transfer-Encoding not used in HTTP transport HTTP can handle binary data and so there issubjectno need toprocessinguse the Content transfer encodings ofstructured field bodies [SMTPMSG,MIME [1]. This difference is discussed in [3] section3.1.4], also including parameters. Second, the metadata information may be supplied by using the syntax19.4.4. However, a Content transfer encoding value ofthe "name" parameter within the "Content-Disposition"binary or 8-bit is permissible but not required. The absence of this header must not result in transaction failure. Content transfer encoding ofthe multipart/form-data structure, when thatMIMEpackaging [FORMDATA] is used. For example, --boundaryformdata Content-Disposition: form-data; name="Receipt-Report-Type" GISB-Acknowledgement-Receipt --boundaryformdata Within HTML,bodyparts within thesymbols used for these names correspond to the value of the name attribute within the INPUT element, where the "type" attribute has a "text" value. [HTML],AS2 message is also allowed. 5.2.2 Epilogue must be empty In [3] section18;3.7.2, it is explicitly noted that multiparts must have null epilogues. In [4], sections 5.4.1, options forexample, <FORM action="http://somesite.com/responder" method="post"> <INPUT type="text" name="Receipt-Report-Type"> <INPUT type="submit" value="Send"> <INPUT type="reset"> </FORM> To indicatelarge file processing are discussed for SMTP transport. For HTTP, large files should be handled correctly by thevariousTCP layer. However, [3] sections 3.5 and 3.6 discuss some options forgeneralized receipts, the basic metadata that the POSTing client needscompressing or chunking entities toconveybe transferred. [3] section 8.1.2.2 discusses a pipelining option that is useful for segmenting large amounts of data. 5.3 Modification of MIME or other headers or parameters used 5.3.1 Content-Length Because connections are persistent, closing a connection cannot be used to indicate thereplying server are: "Receipt-Disposition-To", and "Receipt-report-type", "Receipt-Security-Selection", "Receipt-Delivery-Option". The presenceend of an entity. Therefore, [3] sections 4.4 and 14.14 indicate themetadata value "Receipt-Disposition-To", using the extensionneed for a Content-Length entity headersyntax, indicatesin a requestfor a generalized receipt. Because HTTP already hasis aroleMUST. The only exception to this forthe "From" header, the "Receipt-Disposition-To" headerAS2 messages isused to avoid conflicts with [HTTP],whenusing the header syntax for metadata. (Withinamultipart/form-data package, the "From" value can be used to identify the sending party without any conflict withone-line, successful, HTTPheaders.) Notice thatresponse is provided. 5.3.2 Final and Original Recipient The final and original recipient values SHOULD be thevalue for this identifier need notsame value. These values MUST NOT bean email addressaliases ora URL. In this way, other systems of identification (such as a DUNS number) may bemailing lists. 5.3.3 Message-Id and Original-Message-Id Moberg,Brooks,Drummond,Fischer[page9]10] HTTP Transport for Secure EDIMay 2002 used, if needed. Notice that the information needed for delivery of the receiptJan 2003 Message-Id and Original-Message-Id isfoundformatted as defined inthe receipt-delivery-option element described below; delivery informationRFC2822: "<" id-left "@" id-right ">" (RFC2822 3.6.4) Message-Id length isnot generally needed if the default modea maximum ofoperation occurs. In that case, the receipt just goes back in the reply998 characters. For maximum backward compatibility, Message-Id length SHOULD be 255 characters or less. Message-Id SHOULD be globally unique, id-right should be something unique to thecurrent HTTP request. "Receipt-Report-Type" indicatessending host environment (e.g. a host name).When sending a message, always include thedesired valueangle brackets. Angle brackets are not part of the"report-type" parameterMessage-Id value. For maximum backward compatibility, when receiving a message, do not check for angle brackets. When creating the Original-Message-Id header in an MDN, always use themultipart/report content type of a specific version ofexact syntax as received on thegeneralized receipt. This parameteroriginal message - don't strip or add angle brackets. 5.3.4 Host header The host request header field must besuppliedincluded in the POST request made when"Receipt-Disposition-To"sending business data. This field isusedtoindicate a request for a generalized receipt because this indicates what specific type of receipt is desired. An example for this value (discussed in appendix A) is "GISB-Acknowledgement-Receipt". "Receipt-Security-Selection" is a name that indicates the protocol and algorithm choices for a digital signature over the receipt. Signatures are always in multipart/signed packages. The format for protocolallow one server IP address to service multiple hostnames, andalgorithm choices is that used in [AS1]potentially conserve IP addresses. See [3], sections 14.23 and[MDN]; for19.5.1. 5.4 HTTP Response Status Codes The status codes return status concerning HTTP operations. For example,Receipt-Security-Selection: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,rsa-sha1 "Receipt-Delivery-Option"the status code 401, together with the WWW-Authenticate header, is used toindicatechallenge theURL for asynchronous delivery ofclient to repeat thereceipt. While the default mode of operation within HTTP transport is to return the receipt(be it MDN, signed MDN, generalized receipt, or signed generalized receipt)request with an Authorization header. Other explicit status codes are documented inthe reply body, asynchronous reply is allowed through use of this symbol. The URLs will typically use the "MAILTO", "HTTP",[3], sections 6.1.1 and"HTTPS" schemes.throughout section 10. For errors in theHTTPrequest-URI, 400 ("Bad Request"), 404 ("Not Found") andHTTPS schemes, the POST method is to be used. 2.1.2.1 Additional Commonly Used Headers The following set of header data elementssimilar codes arealso available for use. Organizations wishing to use this specification for the secureappropriate status codes. These codes andreliable transport of business documentstheir semantics arenot required to utilize allspecified by [3]. A careful examination of theseheaderscodes andare free to use whatever subset they deem appropriate fortheirbusiness needs. TO: The To name contains an identifier identifying the intended recipient of a data exchange and maysemantics should beD&B D-U-N-S number [DUNS] or other agreed upon identifier system. Applicationsmade before implementing any retry functionality. Retries shouldallow users to configure these elements innot be made if theautomatederror is not transient or if retries are explicitly discouraged. 5.5 HTTPagents Moberg, Brooks, Drummond, Fischer [page 10]Error Recovery If the HTTPTransport for Secure EDI May 2002 processing these values. For example,client fails to read thebody part MIME header line looks likeHTTP server response data, thefollowing line: Content-Disposition: form-data; name="To" FROM:POST operation with identical content, including same Message-ID should be repeated, if the condition is transient. TheFrom name containsMessage-ID on atextual value identifying the senderPOST operation can be reused if and only if all ofa data exchange, such asthea D&B D-U-N-S number [DUNS] as in [GISB]. Because "From" has a specified use within [HTTP],content (including theFrom name parameteroriginal Date) isnot to be considered equivalent to the extension header. If an extension header "From" is to be used within HTTP, it should conform to the usage, syntax, and semantics of [HTTP] section 14.22. The extension header counterpart of the senderidentical. Details ofa data exchange istheextension header versionretry process -- including time intervals to pause, number of"Receipt-disposition-to" INPUT-FORMAT: The Input-format name identifies the typeretries to attempt, timeouts for retrying -- are implementation dependent. These settings are selected as part ofdata contained in a data file. AGENT: The Agent name parameter indicates the network or agent where the data exchange originated. APPLICATION: The Application name identifiestheapplication usedtrading partner agreement. Servers should be prepared toprocess the data next (after the URI-request process has finishedreceive a POST withthe stream). DATETIME:a repeated Message-ID. TheDateTime name provides the date and timeMIME reply body previously sent should be resent, including thedata was createdMDN anduses the format specified in [SMTPMSG] as updated by RFC 1123. REFNUM:other MIME parts. 6. Additional AS2 Specific HTTP Headers TheRefNum is an integer value usedfollowing headers are touniquely identify the communication exchange and isbe included ina textual format. The RefNum is similar to the Message-IDall AS2 messages andContent-Id headers of SMTPall AS2 MDNs, except for asynchronous MDNs that areused in constructing values in receipts based on MDNs. USERPARAM: The UserParam is a user-defined parameter. Version:sent over SMTP [4] and single line HTTP 1.1 responses (section 5.5). 6.1 AS2 Versionis a protocol version number [GISB]. TRANSACTION-SET: Transaction-set is an optional data element identifying the EDI transaction. INPUT-DATA: Input-data is the sending side's local file system nameHeader Moberg,Brooks,Drummond,Fischer[page 11] HTTP Transport for Secure EDIMay 2002 for the file being sent. The payloadJan 2003 To promote backward compatibility AS2 includes a version: AS2-Version: 1.0 - iscontainedused in all implementations implementing this specification. 1.x will be interpreted as 1.0 by all implementation implemented with thebody part ofAS2-Version: 1.0 header. That is only the most significant digit is used as the version identifier for those not implementing additional non-AS2 specified functionality. AS2-Version: 1.0 through 1.9 MAY be used All implementations WILL interpret "1.0 through 1.9" as implementing thisheader element. PRIORITY: The "Priority" namespecification. However implementation MAY extend this specification with additional functionality by specifying versions 1.1 through 1.9. If this mechanism is usedto indicatetheprocessing priority of each message relativeadditional functionality WILL be completely transparent toother messages sentimplementations with AS2-Version: 1.0 designation. AS2-Version: 1.1 - Designates those implementation which support Compression as defined bya given party. The value "1" indicates highest priority and a valueRFC 3274. Receiving systems MUST NOT fail due to the absence of"5" indicatesthelowest priority. EXPIRATION: The "Expiration" name is used toAS2-Version header. Absence would indicate thedate and time at which amessage isno longer transportable. No message delivery should be attempted beyond the date and time specified in this value. The date/time format must follow the specifications contained in section 5 of RFC822. 2.1.3 Summary Remarksfrom an implementation based onReceipt request options Applications are encouraged to support handling all metadata values whether they make use of the name parameter syntax withinamultipart/form-data or whether they useprevious version of this specification. 6.2 AS2 System Identifiers To aid themessage header syntax usedreceiving system inSMTP or HTTPidentifying the sending system, AS2-From and AS2-To headers[SMTPMSG]. If metadata itemsarerepeated in extensionused. AS2-From: < AS2-name > AS2-To: < AS2-name > These AS2 headersand in form-data parts, but the values are not the same,contain textual values, as described below, identifying theextension headersender/receiver of a data exchange. Their valueswill be selected for use. Because the value in Receipt-Disposition-Tomayhave no significance for how the receipt is transported, the extension header "Receipt-delivery-option" is tobeused to provide that information. The receipt-delivery-option's value shouldcompany specific, such as DUNS number, or it may bea URL indicating the delivery transport destination forsimply an identification string agreed upon between thereceipt.trading partners. AS2-text = "!" / ; printable ASCII characters %d35-91 / ; except double-quote (%d34) %d93-126 ; or backslash (%d92) AS2-qtext = AS2-text / SP ; allow space only in quoted text AS2-quoted-pair = "\" DQUOTE / ; \" or "\" "\" ; \\ AS2-quoted-name = DQUOTE 1*128( AS2-qtext / AS2-quoted-pair) DQUOTE AS2-atomic-name = 1*128AS2-text AS2-name = AS2-atomic-name / AS2-quoted-name TheReceipt-delivery-option field is used when asynchronous delivery is desired. It should not be present if the intention is to deliver the reply synchronously; synchronous delivery of the reply isAS2-From header value and thedefault mode of delivery. For signed generalized receipts, an extensionAS2-To headerof "Receipt-security-selection" shouldvalue MUST each beaddedan AS2-name, MUST each be comprised of from 1 toindicate the desired security protocol for the multipart/signed over the multipart/report. In summary, the receipt request128 printable ASCII characters andconstruction processes now have the following options: 1. Receipt requests are made by conveying metadata values using a syntax of either the name parameterMUST NOT be folded. The value ina multipart/form-data's Content-Disposition headers or by using a syntaxeach ofHTTP extension headers.these headers is case-sensitive. The string definitions given above are in ABNF format. The AS2-quoted-name SHOULD be used only if the AS2-name does not conform to AS2-atomic-name. Moberg,Brooks,Drummond,Fischer[page 12] HTTP Transport for Secure EDIMay 2002 2. Both MDNJan 2003 The AS2-To andgeneralized receipts can be requested using either syntax. However, using an extensionAS2-From headersyntaxfields MUST be present in all AS2 messages andrequesting a MDN receipt means restrictingAS2 MDN's whether asynchronous or synchronous in nature, except for asynchronous MDNs which are sent using SMTP. The sending system may choose to limit the"From"possible AS2-To/AS2-From textual valuesto email addresses. 3. Either type of receipt comes in signed or unsigned versions. 4. Finally, receiptsbut must not exceed them. The receiving system must make no restrictions on the textual values and should handle all possible implementations. However, implementers must be aware that older AS2 products may not adhere to this convention. Trading partner agreements should bedelivered synchronously (delivered inmade to insure that older products can support theHTTP reply)system identifiers that are used. If either the AS2-From or the AS2-To or the combination of both header values is determined to be invalid orasynchronouslyunknown byusingthe"Receipt-delivery-option" header. 2.2 Sending EDIreceiving system, the receiving system MAY respond inHTTP Client Requests using POST For sending EDI,one of the followingprotocol elements are typically present: a request line ([HTTP], section 5.1), entity headers, a CRLF pairways, but is not limited tomarkthese options: 1. The receiving AS2 system MAY disconnect from theendsending AS2 system before completing the reception of the entire entityheaders, followed byif it determines themessage-body.HTTP headers do not represent a valid trading-relationship. 2. Therequest line will have the form: "POST Request-URI HTTP/1.1",receiving AS2 system MAY return an HTTP response withspaces and followed byaCRLF. The Request-URI is typically exchanged out of band, as partresponse code in the 2xx range, with or without any explanation ofsetting up a bilateral trading partner agreement. Applications should be prepared to dealthe error, even if the sending system requested an MDN. 3. The receiving AS2 system MAY return an unsigned MDN with aninitial reply containing a status indicating a need for authenticationexplanation of theusual types used for authorizing access toerror, if theRequest-URI ([HTTP], section 10.4.2sending system requested an MDN. 7. Structure andelsewhere). AutomationProcessing ofthis process is not discussed in this document but might involve obtainingan MDN Message 7.1 Introduction In order to support non-repudiation of receipt, asession URL fromsigned receipt, based on digitally signing apage requesting authentication and possibly other information about proposed EDI standard versions and other trading conventionsmessage disposition notification, is to beused. The request line is followedimplemented byentity headers specifying content length ([HTTP] section 14.14) and content type [HTTP], section 14.18.a receiving trading partner's UA. TheHost request header ([HTTP] sections 9 and 14.23)message disposition notification, specified by RFC 2298 isalso included. The entity or extension headers used for requestingdigitally signed by aMDN (unsigned or signed) have previously been mentioned, as have those ("To" "From" "Message-Id") that are neededreceiving trading partner asvalues for MDN fields orpart of a multipart/signed MIME message. The following support forother receipt requests. For generalizedsigned receiptsbased onis REQUIRED: 1) The ability to create a multipart/report; where themultipart/report content type,report-type = disposition-notification. 2) The ability to calculate a message integrity check (MIC) on themetadata canreceived message. The calculated MIC value will be returned to thevalues found in extension headers, but can also be placed in body partssender ofa multipart/form-data using "name" parameters inthecontent-disposition header. Finally,message inside thepayload is found in any ofsigned receipt. 3) The ability to create a multipart/signed content with the messagepatterns of [AS1] sections 4.2.1disposition notification as the first body part, and the signature as the second body part. 4) The ability to4.2.4 or 4.3.1return the signed receipt to4.3.4 for PGP/MIMEthe sending trading partner. 5) The ability to return either a synchronous orS/MIME security. These payloads may arriveasynchronous receipt as the"input-data" part of the multipart/form-data or may even be enclosed in some other multipart. Moberg, Brooks, Drummond, Fischer [page 13] HTTP Transportsending party requests. The signed receipt is used to notify a sending trading partner that requested the signed receipt that: 1) The receiving trading partner acknowledges receipt of the sent EC Interchange. 2) If the sent message was signed, then the receiving trading partner has authenticated the sender Moberg, Drummond, [page 13] HTTP Transport for Secure EDIMay 2002 2.3 Using Transport Layer Security To use Transport Layer Security [TLS],Jan 2003 of therequest-URI should indicateEC Interchange. 3) If theappropriate scheme value, HTTPS. Usually only a multipart/signed message body would besentusing TLS, as encrypted message bodies would be redundant. Encryptedmessagebodies are not prohibited, however. For asynchronous receipt delivery requests, usewas signed, then the"Receipt-delivery-option" header with a URL value making usereceiving trading partner has verified the integrity of theHTTPS scheme to obtain confidentiality. 2.4 Response Status Codes in Replies The status line for response to errorssent EC Interchange. Regardless of whether the EDI/EC Interchange was sent in S/MIME format or not, thePOST request line will be provided by a status line withreceiving trading partner's UA MUST provides the followingprotocol elements present ([HTTP], section 6.1): HTTP version (normally, The status codes return status concerning HTTP operations. For example,basic processing: 1) If thestatus code 401, together withsent EDI/EC Interchange is encrypted, then theWWW-Authenticate header,encrypted symmetric key and initialization vector (if applicable) isused to challengedecrypted using theclientreceiver's private key. 2) The decrypted symmetric encryption key is then used torepeatdecrypt therequest with an Authorization header. Other explicit status codes are documentedEDI/EC Interchange. 3) The receiving trading partner authenticates signatures in[HTTP], sections 6.1.1 and throughout section 10. HTTP/1.1),astatus code, reason phrase,message using the sender's public key. The authentication algorithm performs the following: a) The message integrity check (MIC or Message Digest), is decrypted using the sender's public key. b) A MIC on the signed contents (the MIME header andCRLF. For errorsencoded EDI object, as per RFC 1767) in therequest-URI, 400 ("Bad Request"), 404 ("Not Found") and similar codes are appropriate status codes. These codes and their semantics are specified by [HTTP]. A careful examination of these codesmessage received is calculated using the same one-way hash function that the sending trading partner used. c) The MIC extracted from the message that was sent, andtheir semantics should be made before implementing any retry functionalitythe MIC calculated using the same one-way hash function thatis described below; specifically, retries should not be made iftheerrorsending trading partner used isnot transient or if retries are explicitly discouraged (for real authentication failures,compared forexample.) 2.5 Receipt Replyequality. 4) Thedetails ofreceiving trading partner formats theresponse toMDN and sets thePOST command vary depending upon whethercalculated MIC into the "Received-content-MIC" extension field. 5) The receiving trading partner creates areceipt has been requested and upon what kindmultipart/signed MIME message according to RFC 1847. 6) The MDN is the first part ofreceipt has been requested. With no extended header requesting a receipt, and no errors accessingtherequest-URI specified processing,multipart/signed message, and thestatus line indigital signature is created over this MDN, including its MIME headers. 7) The second part of theResponse tomultipart/signed message contains thePOST request should bedigital signature. The "protocol" option specified in the200 range. Status codes insecond part of the200 range should also be used when an entity is returned (a signed receipt in amultipart/signed is as follows: S/MIME: protocol = "application/pkcs-7-signature" 8) The signature information is formatted according to S/MIME specifications. The EC Interchange and the RFC 1767 MIME EDI contenttype or an unsigned receipt inheader can actually be part of amultipart/report). Even whenmulti-part MIME content-type. When thedispositionEDI Interchange is part of a multi-part MIME content-type, thedata was an error condition atMIC MUST be calculated across theauthentication, decryption or other higher level, the HTTP status code should indicate success atentire multi-part content, including theHTTP level.MIME headers. TheHTTP server-side application may respond with an unsolicited multipart/report as a message body thatsigned MDN, when received by the sender of theHTTP client Moberg, Brooks, Drummond, Fischer [page 14] HTTP Transport for SecureEDIMay 2002 might not have solicited, but this mayInterchange can bediscardedused by theclient. Applications should avoid emitting unsolicited receipt replies because bandwidth or processing limitations might have led administrators to suspend asking for acknowledgements. When a Disposition-Notification-To extension header is present insender: 1) As an acknowledgment that thePOST request entity headers, then entity headers forEDI Interchange sent, was delivered and acknowledged by theMDN should be included.receiving trading partner. Thecontent type for the MDN receipt (multipart/report [REPORT] or multipart/signed [SECURITY]) should be included inreceiver does this by returning theResponse entity headers. The basic responsibilitiesoriginal-message-id ofresponding to requests are discussed in [AS1] section 5, and in detail within section 5.2.1. 2.5.1 MDN based Receipts and Signed MDN Receipts Message Disposition Notifications, when usedthe sent message in theHTTP reply context, will closely parallel a SMTP MDN. For example,MDN portion of thedisposition field is a required element insigned receipt. 2) As an acknowledgment that themachine readable second partintegrity ofa multipart/report for a MDN.the EDI Interchange was verified by the receiving trading partner. Thefinal-recipient-field ([MDN] section 3.1) value should be derived fromreceiver does this by returning theentity headerscalculated MIC of therequest. Ifreceived EC Interchange (and 1767 MIME headers) in the"To""Received-content-MIC" fieldis missing, forof the signedmessages,MDN. 3) As an acknowledgment that thevalue for Original-recipient may bereceiving trading partner has authenticated theemail address field fromsender of thesigner's X.509 attribute for email addresses, if that value is available. ForEDI Interchange. 4) As aMDN, an application must report the Message-ID of the request. The human readable part (the first partnon-repudiation ofthe multipart/report) should include items such as the subject, date and other informationreceipt whenthose fields are present in entity header fields following the POST request. The HTTP reply should normally omit the third optional part ofthemultipart/report (used to returnsigned MDN is successfully verified by theoriginal message or its headers insender with theSMTP context). 2.5.2 Generalized Receiptsreceiving trading partner's public key andSigned Receipts For generalized receipts, the multipart/report [REPORT] or a multipart/signed containing a multipart/report as the signed data isthebasic MIME packaging. Each generalized receipt needs areturned MIC valueforinside themultipart/report parameter, "report-type," a selection of a content-type for its second body part, when signed, a hash value over a defined portion ofMDN is theoriginal message and, when asynchronously delivered, information allowingsame as theidentificationdigest of the originalPOSTed message. The basic structure of the multipart/report is used so that the first part is a "human-readable" message concerning the receivedmessage.The second part should be for automated process utilization. It should at least possess some common InternetMoberg,Brooks,Drummond,Fischer[page15]14] HTTP Transport for Secure EDIMay 2002 syntax for expressing namesJan 2003 7.2 Synchronous andvalues, such as the [SMTPMSG] header syntax, XML, or some MIME content type correlated with automated processing.Asynchronous MDNs TheMDN requirements, therefore, are removed for this second part, but information usedAS2-MDN exists inMDNs may be used here.two varieties: synchronous and asynchronous. Thethird partsynchronous AS2-MDN is sent as an HTTP response to an HTTP POST or as an HTTPS response to an HTTPS POST. This form of AS2-MDN is called synchronous because themultipart reportAS2-MDN isusually omitted inreturned to theHTTP context, but could includeoriginator of theextension headers, or evenPOST on theentire payload, to provide diagnostic information. A multipart/signed over a multipart/reportsame TCP/IP connection. The asynchronous AS2-MDN isconstructed precisely insent on a separate HTTP, HTTPS, or SMTP TCP/IP connection. Logically, thesame way asasynchronous AS2-MDN is amultipart/signed overresponse to an AS2 message. However, at the transfer-protocol layer, assuming that no HTTP pipelining is utilized, the asynchronous AS2-MDN is delivered on aMDN [AS1]. One metadata element shouldunique TCP/IP connection, distinct from that used to deliver the original AS2 message. When handling an asynchronous request, the HTTP response must bewithinsent back before theautomated part. ThisMDN is processed and sent on theReceived-Content-MIC (also allowing X-Received-Content-MIC). This valueseparate connection. When an asynchronous AS2-MDN isconstructed and formatted as described in [AS1] andrequested by thesyntax should be either RFC822: Received-Content-MIC: w7AguNJEmhF/qIjJw6LnnA==, rsa-md5sender of an AS2 message, the synchronous HTTP orsimple XML <ReceivedContentMic algid=rsa-md5 encode=base64 > w7AguNJEmhF/qIjJw6LnnA== </ReceivedContentMic> Original-Message-ID: <43141asfioufasd@somewhere.com> OtherwiseHTTPS response returned to theautomated acknowledgement semantics are left opensender prior tospecific definition by other electronic commerce communities, such as in [GISB]. Each specializationterminating the connection MUST be a transfer-layer response indicating the success or failure of thegeneralized receipt should make usedata transfer. The format of such aexplicit identifying value tosynchronous response MAY beplaced intheparameter "report-type," Any original metadata thought useful to include insame as that response returned when no AS2-MDN is requested. The following diagram illustrates theautomated partsynchronous versus asynchronous varieties of AS2-MDN delivery: Synchronous AS2-MDN [C] ----( connect )----> [S] [C] -----( send )------> [S] [HTTP Request [AS2-Message]] [C] <---( receive )----- [S] [HTTP Response [AS2-MDN]] Asynchronous AS2-MDN [C] ----( connect )----> [S] [C] -----( send )------> [S] [HTTP Request [AS2-Message]] [C] <---( receive )----- [S] [HTTP Response] [C]*<---( connect )----- [S] [C] <--- ( send )------- [S] [HTTP Request [AS2-MDN]] [C] ----( receive )----> [S] [HTTP Response] * Note: An AS2-MDN may bereflected back using "Original-X", as in Content-Type: multipart/report; report-type="identifying-value"; boundary="=-Trfds88fd99" Implementations should attempt to be configurabledirected toallow for new report-type valuesa different host than that of the sender of the AS2 message and may utilize a different transfer protocol than that used tobe added; communitiessend the original AS2 message. The advantage of the synchronous MDN is that it canthen agree toprovide thespecific extensions they need to support application level routing, transaction identification, timestamps, and other specialized information aboutsender of thedata they have exchanged. Moberg, Brooks, Drummond, Fischer [page 16] HTTP Transport for Secure EDI May 2002 2.6 Additional Reply Content In general, both HTTP servers and HTTP clients should be prepared to process the basic EDIINT data formats when they are embeddedAS2 Message with a verifiable confirmation of message delivery withinMIME multiparts. Thisa synchronous logic flow. However, if the message istrue for HTTP request payloads as well as HTTP reply payloads. So, as previously mentioned, for HTML-based POSTS, any ofrelatively large, theEDIINT templates described in [AS1], sections 4.2.1 to 4.2.4 or 4.3.1time required to4.3.4 for PGP/MIME or S/MIME security, may be found as parts of a multipart/form-data. [Consult Appendix A for the templates adapted forprocess thisdocument.] In addition, the responsemessage and return an AS2-MDN to thePOST operationsender on the same TCP/IP connection mayinclude other MIME wrapped content besidesexceed the maximum configured time permitted for anMDN Receipt, Signed MDN, Generalized Receipt or Signed Generalized Receipt. If a receipt was requested withinIP connection. The advantage of thePOST data, and additional contentasynchronous MDN isto be returned, the receipt multipart/report must be combined withthat it provides for theother data using some MIME multipart pattern. Real-time EDI processing systems may use MIME multipart content-types to includerapid return of a transfer-layer responseEDI message, for example,from the receiver confirming the receipt of data, therefore not requiring aQuote in responseTCP/IP connection toa Request-For-Quote transaction. Also, if requested,necessarily remain open for very long. However, this design requires that thesender may request anasynchronousmode for return of receipt. This mode is indicatedAS2-MDN contain enough information to uniquely identify the original message so that, when received byincludingthemetadata for Receipt-delivery-option as explained above. 2.7 Non-RepudiationAS2 Message originator, the status of thePOST Reply Iforiginal AS2 Message can be properly updated based on thereply to a POST operation needs a MDN receipt for non- repudiation (for example,contents of thereply includes content other than a receipt),AS2-MDN. Synchronous MDNs and asynchronous HTTP and HTTPS MDNs are handled according to thetop-level headers in the response include the same headers required for POST data described above: Disposition-Notification-To, Message-ID, From, and To. Other headers described above used in a MDN should be included, for example, Date and Subject. The MDN receiptrequirements of this specification. However, asynchronous SMTP MDNs are formatted according theresponse data is returned usingrequirements of RFC 3335 [4]. 7.3 Requesting asubsequent POST operation.signed receipt Message Disposition Notifications are requested as per RFC 2298. APOST operation used only to transmit an MDN MUST NOT includerequest that theDisposition-Notification-To receipt request, and only a 200 ("OK") response would be expected. An MDN in response to a reply may be combined withreceiving user agent issue asubsequent EDImessagesent with a POST operation, for example a Purchase-Order transaction in response to a Quote. The MIME multipart/mixed formdisposition notification isused to combine the MDN withmade by placing theother data,following header into thesame as for a POST reply.message to be sent: MDN-request-header = "Disposition-notification-to" ":" mail-address Moberg,Brooks,Drummond,Fischer[page17]15] HTTP Transport for Secure EDIMay 2002 2.8 Error Recovery IfJan 2003 This syntax is a residual of theHTTP client fails to readuse of MDN's in a SMTP transfer. Since this specification is adjusting the functionality from SMTP to HTTPserver response data,and retaining as much as possible from thePOST operation with identical content (including Message-ID, RefNum,[4] functionality, the mail-address must be present but has no meaning in this specification. The mail-address field is specified as an RFC 2822 local-part@domain [addr-spec] address, andother header elements) shouldwhile it MUST berepeated, ifpresent, it MUST NOT be used in any manner in products. Lack of theerror condition is transient. The Message-ID or RefNum onappropriate syntax WILL BE ignored by the receiving application. In addition to requesting aPOST operationmessage disposition notification, an asynchronous message disposition notification can bereused if and only if all of the content (includingrequested by placing theoriginal Date) is identical. Details offollowing header into theretry process -- including time intervalsmessage topause, numberbe sent: Receipt-Delivery-Option: return-url For requesting MDN based receipts, the originator supplies the syntax ofretries to attempt, timeouts for retrying --extension headers that precede the message body. The header "tags" areimplementation dependent. Servers should be preparedas follows: A Disposition-notification-to header is added toreceive a POST withindicate that arepeated Message-ID. The MIME reply body previously sent should be resent, includingmessage disposition notification is requested in theMDN and other MIME parts. 3. Other differencesreply tonotice in HTTP and SMTP based transport For HTTP version 1.1, TCP persistent connections arethedefault, ([HTTP] sections 8.1.2, 8.2, and 19.7.1).POST request. This header is specified in [5]. Anumber of other differences exist because HTTP does not conformMessage-ID header is added toMIME [MIME] as used in SMTP transport. Relevant differences are summarized below. 3.1 Unused MIME headers and operations 3.1.1 Content-Transfer-Encoding not used in HTTP transport HTTPsupport message reconciliation, so that an Original-Message-Id value canhandle binary databe returned in the body part of MDN. Other headers, especially "Subject" andso there is no need to use"Date", SHOULD be supplied; theContent transfer encodingsvalues ofMIME [MIME]. This difference is discussedthese headers are often mentioned in[HTTP] section 19.4.4. 3.1.2 Epilogue must be empty The EBNF for a multipart [MIME] RFC 2046,the human-readable section5.1.1 allowsof amultipartMDN tohave trailing octets afteraid in identifying theclose delimiter. In [HTTP] section 3.7.2, it is explicitly noted that multiparts must have null epilogues. 3.1.3 Lengthyoriginal message. Disposition-notification-options identifies characteristics of messagebodies In [AS1], section 5.4.1,disposition notification in accordance with [5]. EXAMPLE: Disposition-notification-to: xxx@temp.org // Requests the MDN Disposition-notification-options: // The signing options signed-receipt-protocol=optional, pkcs7-signature; // forlarge file processing are discussed for SMTP transport. For HTTP, large files should be handled correctly bytheTCP layer. However, [HTTP] sections 3.5 and 3.6 discuss some options for compressing or chunking entitiesMDN signed-receipt-micalg=optional, sha1, md5 Receipt-Delivery-Option: return-url // Requests the MDN // to betransferred. Section 8.1.2.2 discusses a pipelining option thatasynchronous Disposition-notification-options syntax: Disposition-notification-options = "Disposition-Notification-Options" ":" disposition-notification-parameters where disposition-notification-parameters = parameter *(";" parameter) where parameter = attribute "=" importance ", " 1#value" where importance = "required" | "optional" So the Disposition-notification-options string could be: signed-receipt-protocol=optional, <protocol symbol>; signed-receipt-micalg=optional, <micalg1>, <micalg2>,...; The currently supported value for <protocol symbol> isuseful"pkcs7-signature" forsegmenting large amounts of data.the S/MIME detached signature format. The currently supported values for MIC algorithm <micalg> values are: Algorithm Value Used -------- ------- MD5 md5 Moberg,Brooks,Drummond,Fischer[page18]16] HTTP Transport for Secure EDIMay 2002 3.2 Differences in MIME or other headers or parameters used 3.2.1 Content-Length Because connections are persistent, closing a connection cannotJan 2003 SHA-1 sha1 Receiving agents SHOULD beusedable toindicate the end of an entity. Therefore, [HTTP] sections 4.4 and 14.14 indicate the need for a Content-Length entity header inrecover gracefully from arequest. 3.2.2 Final and Original Recipient The final and original recipient distinction should not arise for HTTP transport because SMTP aliases and mailing lists should<micalg> parameter value that they do notbe used. 3.2.3 Message-Id and Original-Message-Idrecognize. Receipt-delivery-option syntax: TheMessage-Id and Original-Message-Id distinction should not arise for HTTP transport because SMTP MTA alterations should not occur. Message-Id"receipt-delivery-option: return-url" string indicates the url to return the asynchronous MDN. This string isformatted as defined in RFC2822: "<" id-left "@" id-right ">" (RFC2822 3.6.4) Message-Id lengthNOT present if the receipt isa maximum of 998 characters. For maximum backward compatibility, Message-Id length SHOULDto be255 characterssynchronous. Because the email value in Disposition-notification-to has no significance for how orless. Message-Id SHOULD be globally unique, id-right shouldwhere the receipt is transported, the extension header "Receipt-delivery-option" is to besomething uniqueused tothe sending host environment (e.g. a host name). When sendingprovide that information. The receipt-delivery-option's value MUST be amessage, always include the angle brackets. Angle brackets are not part ofURL indicating theMessage-Id value. For maximum backward compatibility, when receiving a message, do not checkdelivery transport destination forangle brackets. When creatingtheOriginal-Message-Id header inreceipt. An example request for anMDN, always use the exact syntax as received on the original message - don't strip or add angle brackets. 3.2.4 Host header The hostasynchronous MDN via an HTTP transport: Receipt-delivery-option: http://www.AS2system.com An example requestheader field must be included in the POSTfor an asynchronous MDN via an HTTP/S transport: Receipt-delivery-option: https://www.AS2system.com An example requestmade when sending business data. This field is to allow one server IP address to service multiple hostnames, and potentially conserve IP addresses. See [HTTP], sections 14.23 and 19.5.1. Moberg, Brooks, Drummond, Fischer [page 19] HTTP TransportforSecure EDI May 2002 4. Additional AS2 specific HTTP headers The following headers are to be included in all AS2 messages and all AS2 MDNs. 4.1 AS2 Version Header To promote backward compatibility AS2 includes a version: AS2-Version: 1.0 This header MUST be presentan asynchronous MDN via an SMTP transport: Receipt-delivery-option: mailto:joe@abc.com For more information onall AS2 messages and AS2requesting SMTP MDNs,but not in a single line response (see section 2.4). Receiving systems MUST NOT fail duerefer tothe absenceRFC 3335 [4]. The semantics of theAS2-Version header. This would indicate"signed-receipt-protocol" and themessage"signed-receipt-micalg" parameters The semantics of the "signed-receipt-protocol" parameter isfrom an older system. 4.2 AS2 System Identifiersas follows: 1) Thereceiving system needs"signed-receipt-protocol" parameter is used toobtainrequest a signed receipt from theidentity ofrecipient trading partner. The "signed-receipt-protocol" parameter also specifies thesending system. This may be company specific, such as DUNS number, or it mayformat in which the signed receipt should besimply an identification string agreed upon betweenreturned to thetrading partners.requester. Thetwo AS2 headers are: AS2-From: < AS2-name > AS2-To: < AS2-name > These AS2 headers contain textual values, as described below, identifying the sender/receiver of"signed-receipt-micalg" parameter is adata exchange. This information MUST appear either inlist of MIC algorithms preferred by theAS2-From/AS2-To headers orrequester for use in signing theGISB Form-Data; name="from"/"to" (see appendix B). AS2-text = "!" / ; printable ASCII characters %d35-91 / ; except double-quote (%d34) %d93-126 ; or backslash (%d92) AS2-qtext = AS2-text / SP ; allow space only in quoted text AS2-quoted-pair = "\" DQUOTE / ; \" or "\" "\" ; \\ AS2-quoted-name = DQUOTE 1*128( AS2-qtext / AS2-quoted-pair) DQUOTE AS2-atomic-name = 1*128AS2-text AS2-name = AS2-atomic-name / AS2-quoted-namereturned receipt. TheAS2-From header value and the AS2-To header value MUST each be an AS2-name, MUST each be comprisedlist ofMoberg, Brooks, Drummond, Fischer [page 20] HTTP Transport for Secure EDI May 2002MIC algorithms should be honored by the recipient from1left to128 charactersright. Both the "signed-receipt-protocol" andMUST NOT be folded.the "signed-receipt-micalg" option parameters are REQUIRED when requesting a signed receipt. Thevalue in eachlack ofthese headersthe presence of the "Receipt-Delivery-Option" indicates a receipt iscase-sensitive.synchronous in nature. TheAS2-quoted-name SHOULD be used only ifpresence of theAS2-name does not conform"Receipt-Delivery-Option: return-url" indicates that an asynchronous receipt is requested and should be sent toAS2-atomic-name.the "return-url". 2) Thestring definitions given above are"importance" attribute of "Optional" is defined inABNF format. 4.2.1 Unrecognized System Identifiers If either the AS2-From ortheAS2-To orRFC 2298 section 2.2 and has thecombinationfollowing meaning: Parameters with an importance ofboth header values is determined to be invalid or unknown by the receiving system,"Optional" permit a UA that does not understand thereceiving system MAY respondparticular options parameter to still generate a MDN inone of the following ways, but is not limitedresponse tothese options: 1. The receiving AS2 system MAY disconnect from the sending AS2 system before completing the reception ofa request for a MDN. A UA that does not understand theentire entity if it determines"signed-receipt- protocol" parameter, or theHTTP headers do"signed-receipt-micalg" will obviously notrepresentreturn avalid trading-relationship. 2.signed receipt. Thereceiving AS2 system MAY disconnect from the sending AS2 system before completing the receptionimportance of "Optional" is used for theentire entity ifsigned receipt parameters because itdetermines the entity being sentistoo large to process. 3. The receiving AS2 system MAY returnRECOMMENDED that anHTTP response with a response code in the 2xx range, with or without any explanation ofMDN be returned to theerror,requesting trading partner even if thesending system requested an MDN. 4.recipient could not sign it. Thereceiving AS2 system MAY return an unsignedreturned MDNwithwill contain information on the disposition of the message as well as why the MDN could not be signed. See the Disposition field in section 7.5 for more information. Within anexplanationEDI trading relationship, if a signed receipt is expected and is not returned, then the validity of theerror,transaction is up to the trading partners to resolve. In general, if a signed receipt is required in thesending system requested an MDN.trading relationship and is not received, the transaction will likely not be considered valid. Moberg,Brooks,Drummond,Fischer[page21]17] HTTP Transport for Secure EDIMay 2002 Appendices A. AS2 MIME templates Structure of an AS2 MIME message - PGP/MIME No encryption, no signature (analog of 4.2.1) -RFC2068/2045 -RFC1767/RFC2376 (application/EDIxxxx or /xml) No encryption, signature (analog of 4.2.2) -RFC2068/2045 -RFC1847 (multipart/signed) -RFC1767/RFC2376 (application/EDIxxxx or /xml) -RFC2015 (application/pgp-signature) Encryption, no signature (analog of 4.2.3) -RFC2068/2045 -RFC1847 (multipart/encrypted) -RFC2015 (application/pgp-encrypted) -"Version: 1" -RFC2015 (application/octet-stream) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) Encryption, signature (analog of 4.2.4) -RFC2068/2045 -RFC1847 (multipart/encrypted) -RFC2015 (application/pgp-encrypted) -"Version: 1" -RFC2015 (application/octet-stream) -RFC1847 (multipart/signed)(encrypted) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) -RFC2015 (application/pgp-signature)(encrypted) Structure of an AS2 MIME message - S/MIME No encryption, no signature (analog of 4.3.1) -RFC2068/2045 -RFC1767/RFC2376 (application/EDIxxxx or /xml) No encryption, signature (analog of 4.3.2) -RFC2068/2045 -RFC1847 (multipart/signed) -RFC1767/RFC2376 (application/EDIxxxx or /xml) -RFC2633 (application/pkcs7-signature) Moberg, Brooks, Drummond, Fischer [page 22] HTTP Transport for Secure EDI May 2002 Encryption, no signature (analog of 4.3.3) -RFC2068/2045 -RFC2633 (application/pkcs7-mime) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) Encryption, signature (analog of 4.3.4) -RFC2068/2045 -RFC2633 (application/pkcs7-mime) -RFC1847 (multipart/signed)(encrypted) -RFC1767/RFC2376 (application/EDIxxxx or /xml)(encrypted) -RFC2633 (application/pkcs7-signature)(encrypted) B. AS2 Extensions for the GISB Protocol and Report-type GISB AS2 ProfileJan 2003 7.3.1 Signed Receipt Considerations TheUnited States based Gas Industry Standards Board (GISB) ismethod used to request aconsortium of companies and individuals that operatereceipt or a signed receipt is defined inthe Gas Industry.RFC 2298, "An Extensible Message Format for Message Disposition Notifications". Themembership"rule" is: 1) When a receipt isdivided into 5 sectors, Producers, Pipelines, Services, End Users, Local Distribution Companies, representingrequested, explicitly specifying that thevarious type of organizations withinreceipt be signed, then theindustry. In 1996 GISB initiatedreceipt MUST be returned with aprogram to move fromsignature. 2) When a receipt is requested, explicitly specifying that theexpensive Value Added Networks they were using, toreceipt be signed, but theInternet. By October of 1996GISB had developed and testedrecipient cannot support either the requested protocol format, or requested MIC algorithms, then either aprotocol, called GISB Electronic Delivery Mechanism (EDM), which uses HTTP andsigned or unsigned receipt SHOULD be returned. 3) When a signature isbased on RFC1867 (Form-based File Upload in HTML). By May 1997 this protocol was being usednot explicitly requested, or if the signed receipt request parameter is not recognized byEnron and others to send/receive live, mission critical business transactions overtheInternet. Additional companies followed suit andUA, then no receipt, an unsigned receipt, or alarge percentage of today's business transactions in the Gas Industry are transmitted oversigned receipt MAY be returned by the recipient. NOTE: For Internetusing the GISB EDM protocol. In 1998 the Automobile Industry Action Group (AIAG) adoptedEDI, it is RECOMMENDED that when a signature is not explicitly requested, or if parameters are not recognized, that theGISB EDM protocol andUA send back at a minimum, an unsigned receipt. If a signed receipt however was always returned as a policy, whether requested or not, then any false unsigned receipts can be repudiated. When a request for a signed receipt is made, but there is an error in1999 the local electric companies servingprocessing thestatecontents ofPennsylvania declaredtheGISB protocol as their standardmessage, a signed receipt MUST still be returned. The request fortransmitting business transactions via the Internet. In May of 1999a signed receipt SHALL still be honored, though theAIAG, GISB and members oftransaction itself may not be valid. The reason for why theIETF EDIINT workgroup initiated an effort to converge their independent specifications,contents could not be processed MUST be set in theresult of which"disposition-field". When a request for a signed receipt isthis specification. In order to bringmade, theGISB EDM into compliance with this specification GISB initiated a formal change"Received-content-MIC" MUST always be returned to theEDM specification.requester. Thefollowing information, referred to"Received-content-MIC" MUST be calculated as follows: - For any signed messages, the"GISB AS2Profile", reflects the planned utilization of this specification by the GISB membership. The GISB membership will utilize PGPMIC tomeet all P.A.I.N. requirements. All data exchanges will utilizebe returned is calculated on themultipart/form- data enveloping method and two generalized receipts, GISB-Acknowledgement-ReceiptRFC1767 MIME header andGISB-Error-Notification. All Moberg, Brooks, Drummond, Fischer [page 23] HTTP Transport for Secure EDI May 2002 original business transactions mustcontent. Canonicalization as specified in RFC 1848 MUST bedigitally signed (using encapsulated signatures) and encrypted using RSA algorithms. Upon successful transfer of an original business transactionperformed before thereceiverMIC isrequired to send a GISB-Acknowledgement-Receipt indicating thatcalculated, since thetransfer has completed successfully. If, upon further processing ofsender requesting thebusiness document an error is encountered a GISB-Error-Notification is sentsigned receipt was also REQUIRED to canonicalize. - For encrypted, unsigned messages, theoriginal sender using the multipart/form-data enveloping. ItMIC to be returned isexpected that companies followingcalculated on theGISB AS2 profile will protect their web sites from unauthorized access through the use of basic authentication (username/passwords), as defined indecrypted RFC 1767 MIME header and content. The content after decryption MUST be canonicalized before theHTTP specification. GISBMIC isnot "requiring" the use of signed receipts; however, signed receipts are allowed between consenting trading partners. GISB has decided to use the following core headers: FROM: Contains the DUNS number of the sending party TO: Contains the DUNS number ofcalculated. - For unsigned, unencrypted messages, theintended recipient INPUT-FORMAT: Type of data being sent (only x12 and error currently supported) other options can easilyMIC MUST beaddedcalculated over the message contents prior tothis list. INPUT-DATA: The actual payload containingContent-Tranfer-Encoding and without thebusiness transactionMIME orGISB-Error-Notification. If the payload contains a business transaction it is signedany other RFC 822 headers, since these are sometimes altered or reordered by MTAs. 7.4 MDN Format andencrypted using PGP. Version: The GISB version number (currently 1.3) RECEIPT-DISPOSITION-TO: The DUNS number of the party to receivevalue This section defines theGISB-Acknowledgement-Receipt (typicallyformat of thesame DUNS number associated withAS2 Message Disposition Notification (AS2-MDN). 7.4.1 AS2-MDN General Formats The AS2-MDN follows theFrom header.) Presence ofMDN specification [5] except where noted in thisfield also serves as a flag indicating that an acknowledgement receipt is requested by the sender.section. Thereceipt is returned synchronously (onmodified entity definitions in this document use thesame session usedvertical-bar character, '|', to denote a logical "OR" construction. This usage follows RFC 2616 [3]. HTTP entities referred tosend the input-data payload). RECEIPT-REPORT-TYPE: Contains the value GISB-Acknowledgement-Receipt. Optional headers also available: TRANSACTION-SET: Identifies the type of transaction containedbelow are not further defined in this document. Refer to RFC 2616 [3] for complete definitions of HTTP entities. The format of theinput-data payload.AS2-MDN is AS2-MDN = AS2-sync-MDN | AS2-async-http-MDN | AS2-async-smtp-MDN AS2-sync-MDN = Status-Line *(( general-header | response-header | entity-header ) CRLF ) CRLF AS2-MDN-body Moberg,Brooks,Drummond,Fischer[page24]18] HTTP Transport for Secure EDIMay 2002 RECEIPT-SECURITY-SELECTION: This field servesJan 2003 Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF AS2-async-http-MDN = Request-Line *(( general-header | request-header | entity-header ) CRLF ) CRLF AS2-MDN-body Request-Line = Method SP Request-URI SP HTTP-Version CRLF AS2-async-smtp-MDN = *(( general-header | request-header | entity-header ) CRLF ) CRLF AS2-MDN-body AS2-MDN-body = AS2-signed-MDN-body | AS2-unsigned-MDN-body 7.4.2 AS2-MDN Construction The AS2-MDN-body is formatted as aflag indicating thatMIME multipart/report with asigned receipt is being requested. The contentsreport-type ofthis field indicate the algorithm and signature type to use in constructing"disposition-notification". When unsigned, thesignature. Exampletransfer-layer ( "outermost" ) entity-headers of the AS2-MDN contain the content-type header that specifies aGISB data exchange: The sending party creates an X12 business transactioncontent-type of "multipart/report" andconcatenates with an RFC 1767 compliant header. The entire package is then encryptedparameters indicating the report-type, andsigned using PGP. The encrypted packagethe value of the outermost multipart boundary. When the AS2-MDN isthen enveloped withsigned, theappropriate headers/valuestransfer-layer ( "outermost" ) entity-headers of the AS2-MDN contain a content-type header that specifies a content-type of "multipart/signed" andsentparameters indicating the algorithm used to compute thetrading partner using HTTP POST,message digest, thecontents of this post appear as follows: POST c:\execute HTTP/1.0 Referer: http://www.get.a.life/upl.htm Connection: Keep-Alive User-Agent: brow v0.1 XYZ Corp. Host: localhost Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* Content-type: multipart/form-data; boundary=---------------------------87453838942833 Content-Length: 5379 -----------------------------87453838942833 Content-Disposition: form-data; name="from" 123456789 -----------------------------87453838942833 Content-Disposition: form-data; name="to" 234567890 -----------------------------87453838942833 Content-Disposition: form-data; name="Version" 1.3 -----------------------------87453838942833 Content-Disposition: form-data; name="receipt-disposition-to" 123456789 -----------------------------87453838942833 Content-Disposition: form-data; name="receipt-report-type" GISB-Acknowledgement-Receipt -----------------------------87453838942833 Content-Disposition: form-data; name="input-format" x12 -----------------------------87453838942833 Content-Disposition: form-data; name="input-data"; filename=c:\temp\smallnom.bin Moberg, Brooks, Drummond, Fischer [page 25] HTTP Transport for Secure EDI May 2002 Content-Type: multipart/encrypted; boundary=9876; protocol="application/pgp-encrypted" --9876 Content-Type: application/pgp-encrypted Version: 1 --9876 Content-Type: application/octet-stream -----BEGIN PGP MESSAGE----- Version: PGP 6.5 hQCMAzRG1pEOIOvdAQP+JMr0m/9+8yOL60Z9Vr6fFV81FCExB/o0xmwiMkiwYsHs z0e8sb7ErC340MrNA/dw3taGMjmI+CXYRF/PLEdg1NZE1ZCtNeL4YdIHAMLWwODG lQxhSucz8rMSgQ5mZzcOJwBdWLW70efgsu/9UljuJjYc1uZ6C03eFQv/43fkB+al ATtgydxX4g8QK664ad+Jo/XUICSmWBL66fqJR1KLeLf4wTaqGy174Aq48Wpwvg1E h785zC03UAw0qg0ugMt86dPeyd91e2JigqwDYEf/DYEKD0J9BGiGpS/uAupNKj8O aqx2Dq/ra9g65HNchOCzjul5Vi8HHf6Yhg2WnROe+npByyCue6rihqgNVOJwj0cV zpb4JE+gMDf3q4ISUb1Fv7/+SSFHDdnhdC5YTpqf1Bc3B07hiLmtTXqNit31EbX9 UVElObzSa9ZhxbC6/eSl7Nuf5ZTDsh9nrk+QQJ6FeC9W4cqXLj7IZySaRO8Vtff+ 4ktqeuhYusT4kSpnk027aw4O/5jomUkfb22CAe4= =Oiuo -----END PGP MESSAGE----- --9876-- -----------------------------87453838942833-- Upon receivingsignature formatting protocol ( e.g. pkcs7-signature ), and theabove streamvalue ofdatathereceiving host parsesoutermost multipart boundary. The first part of theheaders and returnsMIME multipart/signed message is anunsigned GISB-Acknowledgement-Receipt, appearing as follows: Content-Type: multipart/report; report-type="GISB-Acknowledgement-Receipt"; boundary="GISB7867" --GISB7867 Content-type: text/html <HTML><HEAD><TITLE>Acknowledgement Receipt Success</TITLE></HEAD> <BODY><P> time-c=19960619082855* request-status=ok* server-id=coolhost* trans-id=234423897* </P> </BODY></HTML> --GISB7867 Content-type: text/plain Moberg, Brooks, Drummond, Fischer [page 26] HTTP Transport for Secure EDI May 2002 time-c=19960619082855* request-status=ok* server-id=coolhost* trans-id=234423897* --GISB7867-- C. Samplesembedded MIME multipart/report ofAS2 Protocol Data Units C.1type "disposition-notification". Thefollowing example illustratessecond part of thefull HTTP request that sends X12 EDI data from company1 to company2. A signed receipt is requested;multipart/signed message contains a MIME application/pkcs7-signature message. The first part of thereceiptMIME multipart/report isto beaMDN report-type, with the pkcs7 signature option, using"human-readable" portion that contains asignature algorithmgeneral description ofrsa-md5.the message disposition. Thereceiptsecond part of the MIME multipart/report is a "machine-readable" portion that is defined as AS2-disposition-notification-content = [ reporting-ua-field CRLF ] [ mdn-gateway-field CRLF ] final-recipient-field CRLF [ original-message-id-field CRLF ] AS2-disposition-field CRLF *( failure-field CRLF ) *( error-field CRLF ) *( warning-field CRLF ) *( extension-field CRLF ) [ AS2-received-content-MIC-field CRLF ] 7.4.3 AS2-MDN Fields The rules for constructing the AS2-disposition-notification-content are identical tobe sent synchronously (that is,the rules for constructing the disposition-notification-content as defined in section 7 of RFC 2298 [5] except that thereply to this HTTP request), because no special delivery options are indicated. POST https://tp2server.company2.com/cgi-bin/tp1drawer.pl HTTP/1.1 Host: tp2server.company2.com AS2-To: zzzcompany2 AS2-From: zzzcompany1 AS2-Version: 1.0 From: ediadmin@company1.com Date: Tue, 06 Nov 2001 12:53:01 UT Subject: Purchase orders for 6 November 2001 Message-Id: <20011106@company1.com> Disposition-Notification-To: tp1@company1.com Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional,rsa-md5 Content-Type: multipart/signed; boundary="20011106RsXgYlvCNW"; protocol=application/pkcs7-signature; micalg=rsa-md5 Content-Length: 3056 --20011106RsXgYlvCNW Content-Type: application/edi-x12 Content-Disposition: Attachment; filename=rfc1767.dat [ISA ...EDI transaction data...IEA...] --20011106RsXgYlvCNW Content-Type: application/pkcs7-signature [omitted binary pkcs7 signature data] --20011106RsXgYlvCNW-- Moberg, Brooks, Drummond, Fischer [page 27] HTTP Transport for Secure EDI May 2002 C.2 This second example illustrates returning a signed MDNRFC 2298 disposition-field has been replaced with the AS2-disposition-field and thatcorresponds totherequest for a MDN found in C.1. HTTP/1.0 200 OK Server: HTTPEDI/1.1 AS2-To: zzzcompany1 AS2-From: zzzcompany2 AS2-Version: 1.0 Content-type: multipart/signed; boundary="boundary1" Content-Length: 1200 --boundary1 Content-type: multipart/report; boundary="boundary2" --boundary2 Content-type: text/plain Message <20011106@company1.com> was authenticated; EDI processing was initiated. --boundary2 Content-type: message/disposition-notification Reporting-UA: Company2UA Final-Recipient: rfc822; tp2@company2.com Original-Message-Id: <20011106@company1.com> Received-Content-MIC: w7AguNJEmhF/qIjJw6LnnA==, rsa-md5 Disposition: MDN-sent-automatically/processed --boundary2-- --boundary1 Content-Type: application/pkcs7-signature [Signature data omitted] --boundary1-- D. Acknowledgments Carl Hage, Karen Rosenfeld, Chuck FentonAS2-received- -content-MIC field has been added. The differences between the RFC 2298 disposition-field andmany others have provided valuable suggestions improvingthe AS2-disposition-field are described below. Where there are differences between thisapplicability statement. E. References [ABNF] D. Crocker, P. Overell, "Augmented BNF for Syntax Specifications: ABNF",document and RFC2234, November 1997 [AS1] T. Harding, R. Drummond, C. Shih, "Peer-to-Peer MIME-based Secure Business Data Interchange", April 2002, Internet draft: draft-ietf-ediint-as1-17.txt.2298, those entity Moberg,Brooks,Drummond,Fischer[page28]19] HTTP Transport for Secure EDIMay 2002 [CMS] R. Housley, "Cryptographic Message Syntax", RFC 2630, June 1999. [FORMDATA] L. Masinter, "Returning ValuesJan 2003 names have been changed by prepending "AS2-". Entities below that do not differ fromForms: multipart/form-data",RFC2388, August, 1998. [GISB] Gas Industry Standards Board, "Electronic Delivery Mechanism Related Standards", Version 1.3 July 31, 1998 [HTML] D. Raggett, A. Le Hors, I. Jacobs. "HTML 4.0 Specification", World Wide Web Consortium Technical Report "REC-html40", December, 1997. <http://www.w3.org/TR/REC-html40/> [HTTP] R. Fielding, J.Gettys, J. Mogul, H. Frystyk, T. Berners-Lee, "Hypertext Transfer Protocol--HTTP/1.1",2298 are not necessarily further defined in this document. Refer to RFC2068, March 1997. [MIME] N. Borenstein, N. Freed, "Multipurpose Internet Mail Extensions (MIME) Part One: Format2298 for AS2-MDN entities that are not further defined in this document. AS2-disposition-field = "Disposition" ":" disposition-mode ";" AS2-disposition-type [ '/' AS2-disposition-modifier ] disposition-mode = action-mode "/" sending-mode action-mode = "manual-action" | "automatic-action" sending-mode = "MDN-sent-manually" | "MDN-sent-automatically" AS2-disposition-type = "processed" | "failed" AS2-disposition-modifier = ( "error" | "warning" ) | AS2-disposition-modifier-extension AS2-disposition-modifier-extension = "error: authentication-failed" | "error: decompression-failed" | "error: decryption-failed" | "error: insufficient-message-security" | "error: integrity-check-failed" | "error: unexpected-processing-error" | "warning: " AS2-MDN-warning-description | "failure: " AS2-MDN-failure-description AS2-MDN-warning-description = *( TEXT ) AS2-MDN-failure-description = *( TEXT ) AS2-received-content-MIC-field = "Received-content-MIC" ":" encoded-message-digest "," digest-alg-id CRLF encoded-message-digest = 1*( 'A'-Z' | 'a'-'z' | '0'-'9' | '/' | '+' | '=' ) ( i.e. base64( message-digest ) ) digest-alg-id = "sha1" | "md5" "Insufficient-message-security" and "decompression-failed" are newer error codes to this specification, are not mentioned in the AS1 RFC, and may not be compatible with earlier implementations ofInternet Message Bodies",AS2. The "Received-content-MIC" extension field is set when the integrity of the received message is verified. The MIC is the base64-encoded message-digest computed over the received message with a hash function. This field is required for signed receipts but optional for unsigned receipts. For details defining the specific content over which the message-digest is to be computed, see Section 7.3.1 of this document. The algorithm used to calculate the message-digest MUST be the same as the "micalg" value used by the sender in the multipart/signed message. When no signature is received, or the micalg parameter is not provided then the SHA-1 algorithm SHOULD be used to calculate the MIC. This field is set only when Moberg, Drummond, [page 20] HTTP Transport for Secure EDI Jan 2003 the contents of the message are processed successfully. This field is used in conjunction with the recipient's signature on the MDN in order for the sender to verify non-repudiation of receipt. AS2-MDN field names ( e.g. "Disposition:", "Final-Recipient:") are case-insensitive ( cf. RFC 2298, 3.1.1 ). AS2-MDN action-modes, sending-modes, AS2-disposition-types, and AS2- disposition-modifier values that are defined above, and user-supplied *( TEXT ) values are also case-insensitive. AS2 implementations MUST NOT make assumptions regarding the values supplied for AS2-MDN-warning-description, AS2-MDN-failure- -description nor for the values of any (optional) error, warning, or failure fields. 7.4.4 Additional AS2-MDN Programming Notes 1. Unlike SMTP, for HTTP transactions, Original-Recipient and Final Recipient should not be different. The value in Original-Message-ID SHOULD match the original Message-ID header value. 2. Refer to RFC 2298 for the formatting of the MDN except for the specific deviations mentioned above. 3. Refer to RFC 1892 and RFC 2298 for the formatting of the content-type entity-headers for the MDN. 4. Use an action-mode of "automatic-action" when the disposition described by the disposition type was a result of an automatic action, rather than an explicit instruction by the user for this message. 5. Use an action-mode of "manual-action" when the disposition described by the disposition type was a result of an explicit instruction by the user rather than some sort of automatically performed action. 6. Use a sending-mode of "MDN-sent-automatically" when the MDN is sent because the UA had previously been configured to do so. 7. Use a sending-mode of "MDN-sent-manually" when the user explicitly gave permission for this particular MDN to be sent. 8. The sending-mode "MDN-sent-manually" is ONLY meaningful with "manual-action", not with "automatic-action". 9. The "failed" disposition type MAY NOT be used for the situation in which there is some problem in processing the message other than interpreting the request for an MDN. The "processed" or other disposition type with appropriate disposition modifiers is to be used in such situations. 7.5 Disposition Mode, Type, and Modifier 7.5.1 Disposition Mode Overview This section would provide a brief overview of how processed, error, failure, and warnings are used. 7.5.2 Successful Processing status indication When the request for a receipt or signed receipt, and the received message contents are successfully processed by the receiving EDI UA, a receipt or MDN SHOULD be returned with the "disposition-type" set to 'processed'. When the MDN is sent automatically by the EDI UA, and there is no explicit way for a user to control the sending of the MDN, then the first part of the "disposition-mode" should be set to "automatic-action". When the MDN is being sent under user configurable control, then the first part of the "disposition-mode" should be set to "manual-action". Since a request for a signed receipt should always be honored, the user MUST not be allowed to configure the UA to not send a signed receipt when the sender requests one. The second part of the "disposition-mode" is set to "MDN-sent-manually" if the user gave explicit permission for the MDN to be sent. Again, the user MUST not be allowed to explicitly refuse to send a signed receipt when the sender requests one. The second part of the "disposition-mode" is set to "MDN-sent- -automatically" whenever the EDI UA sends the MDN automatically, regardless of whether the sending was under a user's, administrator's, or under software control. Moberg, Drummond, [page 21] HTTP Transport for Secure EDI Jan 2003 Since EDI content is generally handled automatically by the EDI UA, a request for a receipt or signed receipt will generally return the following in the "disposition-field": Disposition: automatic-action/MDN-sent-automatically; processed Note this specification does not restrict the use of the "disposition-mode" to just automatic actions. Manual actions are valid as long as it is kept in mind that a request for a signed receipt MUST be honored. 7.5.3 Unsuccessful processed Content The request for a signed receipt requires the use of two "disposition-notification-options", which specify the protocol format of the returned signed receipt, and the MIC algorithm used to calculate the MIC over the message contents. The "disposition-field" values that should be used in the case where the message content is being rejected or ignored, for instance if the EDI UA determines that a signed receipt cannot be returned because it does not support the requested protocol format, so the EDI UA chooses not to process the message contents itself, should be specified in the MDN "disposition-field" as follows: Disposition: "disposition-mode"; failed/Failure: unsupported format The "failed" AS2-disposition-type should be used when a failure occurs that prevents the proper generation of an MDN. For example, this disposition-type would apply if the sender of the message requested the application of an unsupported message-integrity-check (MIC) algorithm. The "failure:" AS2-disposition-modifier-extension should be used with an implementation-defined description of the failure. Further information about the failure may be contained in a failure-field. The syntax of the "failed" "disposition-type" is general, allowing the sending of any textual information along with the "failed" "disposition-type". Implementations WILL support any printable textual characters after the Failure disposition-type. For use in Internet EDI, the following "failed" values are pre-defined and MUST be supported: "Failure: unsupported format" "Failure: unsupported MIC-algorithms" 7.5.4 Unsuccessful Non-Content Processing When errors occur processing the received message other than content, the "disposition-field" should be set to the "processed" "disposition-type" value and the "error" "disposition-modifier" value. The "error" AS2-disposition-modifier with the "processed" disposition-type should be used to indicate that an error of some sort occurred that prevented successful processing of the message. Further information may be contained in an error-field. An "error:" AS2-disposition-modifier-extension should be used to combine the indication of an error with a pre-defined description of a specific, well-known error. Further information about the error may be contained in an error-field. For use in Internet EDI, the following "error" "disposition-modifier" values are defined: "Error: decryption-failed" - the receiver could not decrypt the message contents. "Error: authentication-failed" - the receiver could not authenticate the sender. "Error: integrity-check-failed" - the receiver could not verify content integrity. "Error: unexpected-processing-error" - a catch-all for any additional processing errors. An example of how the "disposition-field" would look when other than content processing errors are detected is as follows: EXAMPLE Moberg, Drummond, [page 22] HTTP Transport for Secure EDI Jan 2003 Disposition: "disposition-mode"; processed/Error: decryption-failed 7.5.5 Processing Warnings Situations arise in EDI where even if a trading partner cannot be authenticated correctly, the trading partners still agree to continue processing the EDI transactions. Transaction reconciliation is done between the trading partners at a later time. In the content processing warning situations as described above, the "disposition-field' SHOULD be set to the "processed" "disposition-type" value, and the "warning" "disposition-modifier" value. The "warning" AS2-disposition-modifier should be used with the "processed" disposition-type to indicate that the message was successfully processed but that an exceptional condition occurred. Further information may be contained in a warning-field. A "warning:" AS2-disposition-modifier-extension should be used to combine the indication of a warning with an implementation-defined description of the warning. Further information about the warning may be contained in an warning-field. For use in Internet EDI, the following "warning" "disposition-modifier" values are defined: "Warning: authentication-failed, processing continued" An example of how the "disposition-field" would look when other than content processing warnings are detected is as follows: EXAMPLE Disposition: "disposition-mode"; processed/Warning: authentication-failed, processing continued 7.5.6 Backwards Compatibility with Disposition Type, Modifier and Extension The following set of examples represent typical constructions of the Disposition field that have been in use by AS2 implementations. This is NOT an exhaustive list of possible constructions. However, AS2 implementations MUST accept constructions of this type to be backward compatible with earlier AS2 versions. Disposition: automatic-action/MDN-sent-automatically; processed Disposition: automatic-action/MDN-sent-automatically; processed/error: authentication-failed Disposition: automatic-action/MDN-sent-automatically; processed/warning: duplicate-document Disposition: automatic-action/MDN-sent-automatically; failed/failure: sender-equals-receiver The following set of examples represent allowable constructions of the Disposition field that combine the historic constructions above with optional RFC 2298 error, warning and failure fields. AS2 implementations MAY produce these constructions. However, AS2 servers are not required to recognize or process optional error, warning, or failure fields at this time. Note that the use of the multiple Error fields in the second example below provides for the indication of multiple error conditions. Disposition: automatic-action/MDN-sent-automatically; processed Disposition: automatic-action/MDN-sent-automatically; processed/error: decryption-failed Error: The signature did not decrypt into a valid PKCS#1 Type-2 block. Error: The length of the decrypted key does not equal the octet-length of the modulus. Disposition: automatic-action/MDN-sent-automatically; processed/warning: duplicate-document Warning: An identical message already exists at the destination server. Disposition: automatic-action/MDN-sent-automatically; failed/failure: Moberg, Drummond, [page 23] HTTP Transport for Secure EDI Jan 2003 sender-equals-receiver Failure: The AS2-To name is identical to the AS2-From name. The following set of examples represent allowable constructions of the Disposition field that employ pure RFC 2298 Disposition-modifiers with optional error, warning and failure fields. These examples are provided as informational only. These constructions are not guaranteed to be backward compatible with AS2 implementations prior to version 1.1. Disposition: automatic-action/MDN-sent-automatically; processed Disposition: automatic-action/MDN-sent-automatically; processed/error Error: authentication-failed Error: The signature did not decrypt into a valid PKCS#1 Type-2 block. Error: The length of the decrypted key does not equal the octet-length of the modulus. Disposition: automatic-action/MDN-sent-automatically; processed/warning Warning: duplicate-document Disposition: automatic-action/MDN-sent-automatically; failed Failure: sender-equals-receiver 7.6 Receipt Reply Considerations in a HTTP POST The details of the response to the POST command vary depending upon whether a receipt has been requested. With no extended header requesting a receipt, and no errors accessing the request-URI specified processing, the status line in the Response to the POST request should be in the 200 range. Status codes in the 200 range should also be used when an entity is returned (a signed receipt in a multipart/signed content type or an unsigned receipt in a multipart/report). Even when the disposition of the data was an error condition at the authentication, decryption or other higher level, the HTTP status code should indicate success at the HTTP level. The HTTP server-side application may respond with an unsolicited multipart/report as a message body that the HTTP client might not have solicited, but this may be discarded by the client. Applications should avoid emitting unsolicited receipt replies because bandwidth or processing limitations might have led administrators to suspend asking for acknowledgements. When a Disposition-Notification-To extension header is present in the POST request entity headers, then entity headers for the MDN should be included. The content type for the MDN receipt (multipart/report [9] or multipart/signed [6]) should be included in the Response entity headers. Message Disposition Notifications, when used in the HTTP reply context, will closely parallel a SMTP MDN. For example, the disposition field is a required element in the machine readable second part of a multipart/report for a MDN. The final-recipient-field ([5] section 3.1) value should be derived from the entity headers of the request. If the "To" field is missing, for signed messages, the value for Original-recipient may be the email address field from the signer's X.509 attribute for email addresses, if that value is available. For a MDN, an application must report the Message-ID of the request. The human readable part (the first part of the multipart/report) should include items such as the subject, date and other information when those fields are present in entity header fields following the POST request. The HTTP reply should normally omit the third optional part of the multipart/report (used to return the original message or its headers in Moberg, Drummond, [page 24] HTTP Transport for Secure EDI Jan 2003 the SMTP context). 8. Public key certificate handling In the near term, the exchange of public keys and certification of these keys must be handled as part of the process of establishing a trading partnership. The UA and/or EDI application interface must maintain a database of public keys used for encryption or signatures, in addition to the mapping between EDI trading partner ID and RFC 822 [11] email address and http URL/URI. The procedures for establishing a trading partnership and configuring the secure EDI messaging system might vary among trading partners and software packages. X.509 certificates are REQUIRED. It is RECOMMENDED that trading partners self-certify each other if an agreed upon certification authority is not used. This applicability statement does NOT require the use of a certification authority. The use of a certification authority is therefore OPTIONAL. Certificates may be self-signed. It is RECOMMENDED that when trading partners are using S/MIME, that they also exchange public key certificates using the recommendations specified in the S/MIME Version 3 Message Specification. The message formats and S/MIME conformance requirements for certificate exchange are specified in this document. In the long term, additional Internet-EDI standards may be developed to simplify the process of establishing a trading partnership, including the third party authentication of trading partners, as well as attributes of the trading relationship . 9. Security Considerations This entire document is concerned with secure transport of business to business data, and considers both privacy and authentication issues. Extracted from S/MIME Version 2 Message Specification: 40-bit encryption is considered weak by most cryptographers. Using weak cryptography offers little actual security over sending plaintext. However, other features of S/MIME, such as the specification of tripleDES or AES and the ability to announce stronger cryptographic capabilities to parties with whom you communicate, allow senders to create messages that use strong encryption. Using weak cryptography is never recommended unless the only alternative is no cryptography. When feasible, sending and receiving agents should inform senders and recipients the relative cryptographic strength of messages. Extracted from S/MIME Version 2 Certificate Handling: When processing certificates, there are many situations where the processing might fail. Because the processing may be done by a user agent, a security gateway, or other program, there is no single way to handle such failures. Just because the methods to handle the failures has not been listed, however, the reader should not assume that they are not important. The opposite is true: if a certificate is not provably valid and associated with the message, the processing software should take immediate and noticeable steps to inform the end user about it. Some of the many places where signature and certificate checking might fail include: - no certificate chain leads to a trusted CA - no ability to check the CRL for a certificate - an invalid CRL was received - the CRL being checked is expired - the certificate is expired - the certificate has been revoked There are certainly other instances where a certificate may be invalid, and it is the responsibility of the processing software to check them all thoroughly, and to decide what to do if the check fails. The following certificate types MUST be supported. With URL Without URL Self Certified Certification Authority Certified Moberg, Drummond, [page 25] HTTP Transport for Secure EDI Jan 2003 The URL, which matches the source server identity, SHOULD be carried in the certificate. However, the receiver SHOULD NOT expect that the certificate would contain a matching URL. Since the certificates were exchanged with the establishing of the trading partner relationship, the server identify may be ignored. The complete certification chain MUST be included in all certificates. All certificate verifications MUST "chain to root". Additionally, the certificate hash should match the hash recomputed by the receiver. 10. Acknowledgements Carl Hage, Karen Rosenfeld, Chuck Fenton and many others have provided valuable suggestions improving this applicability statement. The authors would also like to thank the vendors who participated in the Drummond Group Inc AS2 interoperability testing. Their contributions led to great improvement in the clarity of this document. 11. References [1] N. Borenstein, N.Freed, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, December 02, 1996. N. Borenstein, N.Freed, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, December 02, 1996. N. Borenstein, N.Freed, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC2049,2049 , December 02, 1996.[MIMEEDI][2] D. Crocker, "MIME Encapsulation of EDI Objects", RFC 1767, March 2, 1995.[MIMEPGP] M. Elkins, "MIME Security With Pretty Good Privacy (PGP)",[3] R. Fielding, J.Gettys, J. Mogul, H. Frystyk, T. Berners-Lee, "Hypertext Transfer Protocol--HTTP/1.1", RFC2015, Sept. 1996. [MDN]2616, March 1997. [4] T. Harding, R. Drummond, C. Shih, "Peer-to-Peer MIME-based Secure Business Data Interchange", RFC 3335, September 2002. [5] R. Fajman, "An Extensible Message Format for Message Disposition Notifications", RFC 2298, March 1998.[SECURITY][6] J. Galvin, S. Murphy, S. Crocker, N. Freed, "Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted", RFC 1847, Oct. 3, 1995[SMTP] P. Resnick, Editor "Internet[7] J. Postel, "Simple MailFormat", RFC 2822, April 2001. [SMIMEV2] S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade, L. Repka, "S/MIME Version 2 Message Specification",Transfer Protocol", STD 10, RFC2311. [SMIMEV3]821, August 1, 1982. [8] B. Ramsdell, "S/MIME Version 3 MessageSpecification",Specification; Cryptographic Message Syntax", RFC2633,2633 RFC 2630, June 1999.[REPORT][9] G. Vaudreuil, "The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages", RFC 1892, March 15, 1996. [10] T. Dierks,C. Allen, "The TLS Protocol Version 1.0" RFC 2246, March 1999. [11] D. Crocker, "Standard for the Format of ARPA Internet Text Messages", STD 11, RFC 822, August 13, 1982. [12] E. Whitehead, M. Murata, "XML Media Types", RFC 2376, July 1998. 12. Authors' Addresses Dale Moberg dmoberg@cyclonecommerce.com Cyclone Commerce 8388 E. Hartford Drive, Suite 100 Scottsdale, AZ 85255 USA Dick Brooks dick.brooks@systrends.com Systrends, Inc 7855 South River Parkway, Suite 111 Tempe, Arizona 85284 USA Rik Drummond Rvd2@drummondgroup.com Drummond Group Inc. 4700 Bryant Irvin Court Fort Worth, TX 76107 USA Appendices A. Message Examples NOTE: All examples are provided as an illustration only, and are not considered part of the protocol specification. If an example conflicts with the protocol definitions specified above or in the other referenced RFC's, the example is wrong. A.1 Signed message requesting a signed, synchronous receipt POST /invoke/wm.EDIINT/receive HTTP/1.0 Host: 208.234.160.12:80 User-Agent: AS2 Company Server Date: Wed, 31 Jul 2002 13:34:50 GMT From: mrAS2@as2.com AS2-Version: 1.1 AS2-From: "\" as2Name \"" AS2-To: "0123456780000" Subject: G1 Message-Id: <200207310834482A70BF63@\"~~foo~~\"> Disposition-Notification-To: mrAS2@as2.com Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1 Content-Type: multipart/signed; boundary="as2BouNdary1as2"; protocol="application/pkcs7-signature"; micalg=sha1 Content-Length: 2464 --as2BouNdary1as2 Content-Type: application/edi-x12 Content-Disposition: Attachment; filename=rfc1767.dat Moberg, Drummond, [page 26] HTTP Transport for Secure EDI Jan 2003 [ISA ...EDI transaction data...IEA...] --as2BouNdary1as2 Content-Type: application/pkcs7-signature [omitted binary pkcs7 signature data] --as2BouNdary1as2-- A.2 MDN for Message A.1 Above HTTP/1.0 200 OK Set-Cookie: ssnid=35MdRcIFhez60mO6UDq+JDMWoumBQ=666612; path=/; AS2-From: "0123456780000" AS2-To: "\" as2Name \"" AS2-Version: 1.1 Message-ID: <709700825.1028122454671.JavaMail@ediXchange> Content-Type: multipart/signed; micalg=sha1; protocol="application/pkcs7-signature"; boundary="----=_Part_57_648441049.1028122454671" Connection: Close Content-Length: 1980 ------=_Part_57_648441049.1028122454671 & Content-Type: multipart/report; Report-Type=disposition-notification; & boundary="----=_Part_56_1672293592.1028122454656" & &------=_Part_56_1672293592.1028122454656 &Content-Type: text/plain &Content-Transfer-Encoding: 7bit & &MDN for - & Message ID: <200207310834482A70BF63@\"~~foo~~\"> & From: "\" as2Name \"" & To: "0123456780000" & Received on: 2002-07-31 at 09:34:14 (EDT) & Status: processed & Comment: This is not a guarantee that the message has been completely processed or &understood by the receiving translator & &------=_Part_56_1672293592.1028122454656 & Content-Type: message/disposition-notification & Content-Transfer-Encoding: 7bit & & Reporting-UA: AS2 Server & Original-Recipient: rfc822; "0123456780000" & Final-Recipient: rfc822; "0123456780000" & Original-Message-ID: <200207310834482A70BF63@\"~~foo~~\"> & Received-content-MIC: 7v7F++fQaNB1sVLFtMRp+dF+eG4=, sha1 & Disposition: automatic-action/MDN-sent-automatically; processed & & ------=_Part_56_1672293592.1028122454656-- ------=_Part_57_648441049.1028122454671 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQ cp24hMJNbxDKHnlB9jTiQzLwSwo+/90Pc87x+Sc6EpFSUYWGAAAAAAAA ------=_Part_57_648441049.1028122454671-- Moberg,Brooks,Drummond,Fischer[page29]27] HTTP Transport for Secure EDIMay 2002 [TLS] T. Dierks,C. Allen, "The TLS Protocol Version 1.0" RFC 2246, March 1999. [MIME-TYPES] "Media Types," http:// www.isi.edu/in-notes/iana/assignments/media-types/media-types [XMLTYPES] E. Whitehead, M. Murata, "XML Media Types", RFC 2376, July 1998. F. Security Considerations This entire documentJan 2003 Notes: 1. The lines proceeded with "&" isconcernedwhat the signature is calculated over. 2. For details on how to prepare the multipart/signed withsecure transportprotocol = "application/pkcs7-signature" see the "S/MIME Message Specification, PKCS Security Services for MIME".) 3. Note that the textual first body part ofbusinessthe multipart/report can be used tobusiness data and considers both privacy and authentication issues. G. Authors' Addresses Dale Moberg dale_moberg@cyclonecommerce.com Cyclone Commerce 8388 E. Hartford Drive Scottsdale, AZ 85255 USA Dick Brooks dick.brooks@systrends.com Systrends, Inc 7855 South River Parkway, Suite 111 Tempe, Arizona 85284 USA Rik Drummond rik@drummondgroup.com Drummond Group 5008 Bentwood Ct. Fort Worth, TX 76132 USA David Fischer david@drummondgroup.com Drummond Group 4200 S. Hulen St. Suite 600 Fort Worth, TX 76109 USAinclude a more detailed explanation of the error conditions reported by the disposition headers. The first body part of the multipart/report when used in this way, allows a person to better diagnose a problem in detail. 4. As specified by RFC 1892 [9], returning the original or portions of the original message in the third body part of the multipart/report is not required. This is an optional body part. However, it is RECOMMENDED that this body part be omitted or left blank. A.3 Signed, encrypted message requesting a signed, asynchronous receipt A.4 Asynchronous MDN for Message A.3 Above B. IANA Registration Form A.1 IANA registration of the signed-receipt-protocol content disposition parameter Parameter-name: signed-receipt-protocol Syntax: See section 7.3 of this document Specification: See section 7.3 of this document A.2 IANA registration of the signed-receipt-micalg content disposition parameter Parameter-name: signed-receipt-micalg Syntax: See section 7.3 of this document Specification: See section 7.3 of this document A.3 IANA registration of the Received-content-MIC MDN extension field name Extension field name: Received-content-MIC Syntax: See section 7.4.3 of this document Specification: See section 7.4.3 of this document Moberg,Brooks,Drummond,Fischer[page30]28] HTTP Transport for Secure EDI Jan 2003 ----