MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet
RFC 3335
| Document | Type | RFC - Proposed Standard (September 2002; No errata) | |
|---|---|---|---|
| Authors | Terry Harding , Rik Drummond , Chuck Shih | ||
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 3335 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Ned Freed | ||
| IESG note | Responsible: Finished | ||
| Send notices to | (None) | ||
Network Working Group T. Harding
Request for Comments: 3335 Cyclone Commerce
Category: Standards Track R. Drummond
Drummond Group
C. Shih
Gartner Group
September 2002
MIME-based Secure Peer-to-Peer
Business Data Interchange over the Internet
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document describes how to exchange structured business data
securely using SMTP transport for Electronic Data Interchange, (EDI -
either the American Standards Committee X12 or UN/EDIFACT, Electronic
Data Interchange for Administration, Commerce and Transport), XML or
other data used for business to business data interchange. The data
is packaged using standard MIME content-types. Authentication and
privacy are obtained by using Cryptographic Message Syntax (S/MIME)
or OpenPGP security body parts. Authenticated acknowledgements make
use of multipart/signed replies to the original SMTP message.
Harding, et. al. Standards Track [Page 1]
RFC 3335 MIME-based Secure EDI September 2002
Table of Contents
1.0 Introduction .................................................3
2.0 Overview .....................................................4
2.1 Purpose of a Security Guideline for MIME EDI .................4
2.2 Definitions ..................................................4
2.2.1 Terms ........................................................4
2.2.2 The Secure Transmission Loop .................................5
2.2.3 Definition of Receipts .......................................5
2.3 Assumptions ..................................................6
2.3.1 EDI Process Assumptions ......................................6
2.3.2 Flexibility Assumptions ......................................7
3.0 Referenced RFCs and Their Contribution .......................8
3.1 RFC 821 SMTP [7] .............................................8
3.2 RFC 822 Text Message Format [3] ..............................8
3.3 RFC 1847 MIME Security Multiparts [6] ........................8
3.4 RFC 1892 Multipart/Report [9] ................................8
3.5 RFC 1767 EDI Content [2] .....................................9
3.6 RFC 2015, 3156, 2440 PGP/MIME [4] ............................9
3.7 RFC 2045, 2046, and 2049 MIME [1] ............................9
3.8 RFC 2298 Message Disposition Notification [5] ................9
3.9 RFC 2633 and 2630 S/MIME Version 3 Message Specifications [8] 9
4.0 Structure of an EDI MIME Message - Applicability .............9
4.1 Introduction .................................................9
4.2 Structure of an EDI MIME Message - PGP/MIME .................10
4.2.1 No Encryption, No Signature .................................10
4.2.2 No Encryption, Signature ....................................10
4.2.3 Encryption, No Signature ....................................10
4.2.4 Encryption, Signature .......................................10
4.3 Structure of an EDI MIME Message - S/MIME ...................10
4.3.1 No encryption, No Signature..................................10
4.3.2 No encryption, Signature ....................................10
4.3.3 Encryption, No Signature ....................................11
4.3.4 Encryption, Signature .......................................11
5.0 Receipts ....................................................11
5.1 Introduction ................................................11
5.2 Requesting a Signed Receipt .................................13
5.2.1 Additional Signed Receipt Considerations ....................16
5.3 Message Disposition Notification Format .....................17
5.3.1 Message Disposition Notification Extensions .................18
5.3.2 Disposition Mode, Type, and Modifier Use ....................19
5.4 Message Disposition Notification Processing .................21
5.4.1 Large File Processing .......................................21
5.4.2 Example .....................................................22
6.0 Public Key Certificate Handling .............................24
Show full document text