MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)
RFC 4130
Document Type RFC - Proposed Standard (July 2005; Errata)
Authors Dale Moberg  , Rik Drummond 
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4130 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Scott Hollenbeck
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          D. Moberg
Request for Comments: 4130                              Cyclone Commerce
Category: Standards Track                                    R. Drummond
                                                     Drummond Group Inc.
                                                               July 2005

                     MIME-Based Secure Peer-to-Peer
                 Business Data Interchange Using HTTP,
                    Applicability Statement 2 (AS2)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document provides an applicability statement (RFC 2026, Section
   3.2) that describes how to exchange structured business data securely
   using the HTTP transfer protocol, instead of SMTP; the applicability
   statement for SMTP is found in RFC 3335.  Structured business data
   may be XML; Electronic Data Interchange (EDI) in either the American
   National Standards Committee (ANSI) X12 format or the UN Electronic
   Data Interchange for Administration, Commerce, and Transport
   (UN/EDIFACT) format; or other structured data formats.  The data is
   packaged using standard MIME structures.  Authentication and data
   confidentiality are obtained by using Cryptographic Message Syntax
   with S/MIME security body parts.  Authenticated acknowledgements make
   use of multipart/signed Message Disposition Notification (MDN)
   responses to the original HTTP message.  This applicability statement
   is informally referred to as "AS2" because it is the second
   applicability statement, produced after "AS1", RFC 3335.

Moberg & Drummond           Standards Track                     [Page 1]
RFC 4130     AS2 for Business Data Interchange Using HTTP      July 2005

Table of Contents

   1. Introduction ....................................................3
      1.1. Applicable RFCs ............................................3
      1.2. Terms ......................................................3
   2. Overview ........................................................5
      2.1. Overall Operation ..........................................5
      2.2. Purpose of a Security Guideline for MIME EDI ...............5
      2.3. Definitions ................................................5
      2.4. Assumptions ................................................7
   3. Referenced RFCs and Their Contributions .........................9
      3.1. RFC 2616 HTTP v1.1 [3] .....................................9
      3.2. RFC 1847 MIME Security Multiparts [6] ......................9
      3.3. RFC 3462 Multipart/Report [8] .............................10
      3.4. RFC 1767 EDI Content [2] ..................................10
      3.5. RFC 2045, 2046, and 2049 MIME [1] .........................10
      3.6. RFC 3798 Message Disposition Notification [5] .............10
      3.7. RFC 3851 and 3852 S/MIME Version 3.1 Message
           Specifications and Cryptographic Message Syntax (CMS) [7]..10
      3.8. RFC 3023 XML Media Types [10] .............................10
   4. Structure of an AS2 Message ....................................10
      4.1. Introduction ..............................................10
      4.2. Structure of an Internet EDI MIME Message .................11
   5. HTTP Considerations ............................................12
      5.1. Sending EDI in HTTP POST Requests .........................12
      5.2. Unused MIME Headers and Operations ........................12
      5.3. Modification of MIME or Other Headers or Parameters Used ..13
      5.4. HTTP Response Status Codes ................................14
      5.5. HTTP Error Recovery .......................................14
   6. Additional AS2-Specific HTTP Headers ...........................14
      6.1. AS2 Version Header ........................................15
      6.2. AS2 System Identifiers ....................................15
   7. Structure and Processing of an MDN Message .....................17
      7.1. Introduction ..............................................17
      7.2. Synchronous and Asynchronous MDNs .........................19
      7.3. Requesting a Signed Receipt ...............................21
      7.4. MDN Format and Values .....................................25
      7.5. Disposition Mode, Type, and Modifier ......................30
      7.6. Receipt Reply Considerations in an HTTP POST ..............35
   8. Public Key Certificate Handling ................................35
   9. Security Considerations ........................................36
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools