FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet
RFC 4823

Document Type RFC - Informational (April 2007; Errata)
Last updated 2013-03-02
Stream IETF
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG state RFC 4823 (Informational)
Responsible AD Scott Hollenbeck
Send notices to rvd2@drummondgroup.com,tharding@cyclonecommerce.com,rscott@cyclonecommerce.com
Network Working Group                                         T. Harding
Request for Comments: 4823                                      R. Scott
Category: Informational                                            Axway
                                                              April 2007

                 FTP Transport for Secure Peer-to-Peer
              Business Data Interchange over the Internet

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This Applicability Statement (AS) describes how to exchange
   structured business data securely using the File Transfer Protocol
   (FTP) for XML, Binary, Electronic Data Interchange (EDI - ANSI X12 or
   UN/EDIFACT), or other data used for business-to-business data
   interchange for which MIME packaging can be accomplished using
   standard MIME content types.  Authentication and data confidentiality
   are obtained by using Cryptographic Message Syntax (S/MIME) security
   body parts.  Authenticated acknowledgements employ multipart/signed
   replies to the original message.

Harding & Scott              Informational                      [Page 1]
RFC 4823            AS3 Data Interchange for EDIINT           April 2007

Table of Contents

   1. Introduction ....................................................4
   2. Overview ........................................................4
      2.1. Overall Operations .........................................4
      2.2. Purpose of a Security Guideline for MIME EDI ...............5
      2.3. Definitions ................................................5
           2.3.1. Terms ...............................................5
           2.3.2. The Secure Transmission Loop ........................6
           2.3.3. Definition of Receipts ..............................7
      2.4. Operational Assumptions and Options ........................8
           2.4.1. EDI/EC Process Assumptions ..........................8
           2.4.2. Process Options .....................................8
                  2.4.2.1. Security Options ...........................8
                  2.4.2.2. Compression Options .......................10
   3. Referenced RFCs and Their Contribution .........................10
      3.1. RFC 959: File Transfer Protocol [3] .......................10
      3.2. RFC 2228: FTP Security Extensions [4] .....................10
      3.3. RFC 1847: MIME Security Multiparts [7] ....................10
      3.4. RFC 3462: Multipart/Report [12] ...........................11
      3.5. RFC 1767: EDI Content [2] .................................11
      3.6. RFCs 2045, 2046, and 2049: MIME [1] .......................11
      3.7. RFC 3798: Message Disposition Notification [6] ............11
      3.8. RFC 3852: CMS [9] and RFC 3851: S/MIME Version 3.1
           Message Specification [10] ................................11
      3.9. RFC 3850: S/MIME Version 3.1 Certificate Handling [11] ....11
      3.10. RFC 3274: Compressed Data Content Type for
            Cryptographic Message Syntax (CMS) [17] ..................11
      3.11. RFC 3023: XML Media Types [16] ...........................12
   4. Structure of an AS3 Message ....................................12
      4.1. Introduction ..............................................12
      4.2. Structure of an Internet EDI MIME Message .................12
   5. AS3-Specific Headers ...........................................13
      5.1. AS3-From and AS3-To Headers ...............................13
      5.2. AS3-Version Header ........................................14
   6. FTP Considerations .............................................15
      6.1. FTP Security Requirements .................................15
      6.2. Large File Transfers ......................................15
      6.3. MIME Considerations for FTP ...............................15
           6.3.1. Required/Optional Headers ..........................15
           6.3.2. Content-Transfer-Encoding ..........................16
           6.3.3. Epilogue Must Be Empty .............................16
           6.3.4. Message-Id and Original-Message-Id .................16
   7. Structure and Processing of an MDN Message .....................17
      7.1. Introduction ..............................................17
      7.2. Message Disposition Notifications (MDN) ...................19
      7.3. Requesting a Signed Receipt ...............................19
           7.3.1. Signed Receipt Considerations ......................22
