MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet
RFC 3335
Document | Type | RFC - Proposed Standard (September 2002; No errata)
---|---|---
 | Authors | Terry Harding, Rik Drummond, Chuck Shih
 | Last updated | 2015-10-14
 | Stream | IETF
 | Formats | plain text, html, pdf, htmlized, bibtex
Stream | WG state | (None)
 | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 3335 (Proposed Standard)
 | Action Holders | (None)
 | Consensus Boilerplate | Unknown
 | Telechat date |
 | Responsible AD | Ned Freed
 | IESG note | Responsible: Finished
 | Send notices to | (None)
Network Working Group                                         T. Harding
Request for Comments: 3335                              Cyclone Commerce
Category: Standards Track                                    R. Drummond
                                                          Drummond Group
                                                                 C. Shih
                                                           Gartner Group
                                                          September 2002

   MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

   This document describes how to exchange structured business data
   securely using SMTP transport for Electronic Data Interchange, (EDI -
   either the American Standards Committee X12 or UN/EDIFACT, Electronic
   Data Interchange for Administration, Commerce and Transport), XML or
   other data used for business to business data interchange. The data
   is packaged using standard MIME content-types. Authentication and
   privacy are obtained by using Cryptographic Message Syntax (S/MIME)
   or OpenPGP security body parts. Authenticated acknowledgements make
   use of multipart/signed replies to the original SMTP message.

Table of Contents

   1.0   Introduction
   2.0   Overview
   2.1   Purpose of a Security Guideline for MIME EDI
   2.2   Definitions
   2.2.1 Terms
   2.2.2 The Secure Transmission Loop
   2.2.3 Definition of Receipts
   2.3   Assumptions
   2.3.1 EDI Process Assumptions
   2.3.2 Flexibility Assumptions
   3.0   Referenced RFCs and Their Contribution
   3.1   RFC 821 SMTP [7]
   3.2   RFC 822 Text Message Format [3]
   3.3   RFC 1847 MIME Security Multiparts [6]
   3.4   RFC 1892 Multipart/Report [9]
   3.5   RFC 1767 EDI Content [2]
   3.6   RFC 2015, 3156, 2440 PGP/MIME [4]
   3.7   RFC 2045, 2046, and 2049 MIME [1]
   3.8   RFC 2298 Message Disposition Notification [5]
   3.9   RFC 2633 and 2630 S/MIME Version 3 Message Specifications [8]
   4.0   Structure of an EDI MIME Message - Applicability
   4.1   Introduction
   4.2   Structure of an EDI MIME Message - PGP/MIME
   4.2.1 No Encryption, No Signature
   4.2.2 No Encryption, Signature
   4.2.3 Encryption, No Signature
   4.2.4 Encryption, Signature
   4.3   Structure of an EDI MIME Message - S/MIME
   4.3.1 No encryption, No Signature
   4.3.2 No encryption, Signature
   4.3.3 Encryption, No Signature
   4.3.4 Encryption, Signature
   5.0   Receipts
   5.1   Introduction
   5.2   Requesting a Signed Receipt
   5.2.1 Additional Signed Receipt Considerations
   5.3   Message Disposition Notification Format
   5.3.1 Message Disposition Notification Extensions
   5.3.2 Disposition Mode, Type, and Modifier Use
   5.4   Message Disposition Notification Processing
   5.4.1 Large File Processing
   5.4.2 Example
   6.0   Public Key Certificate Handling