
Need your feedback re: AS2 using PGP



I've been working on some examples for the AS2 spec, which I hope to have
ready next week. In my attempt to construct a PGP example I came across an
interesting situation. RFC 2015 (PGP/MIME) specifies that PGP encrypted files
should be enveloped in the following way:

	multipart/encrypted boundary=foo; protocol="application/pgp-encrypted"
		application/pgp-encrypted
		   "Version: 1"
		application/octet-stream

		   [encrypted payload]

Note that the actual pgp-encrypted payload is associated with a MIME
type of application/octet-stream and the payload associated with the MIME type 
application/pgp-encrypted contains unencrypted "clear text" "control data" 
ONLY.  This layering is a bit confusing when compared to the way S/MIME 
enveloping works. (NOTE TO AS1 AUTHORS, the layering described in EDIINT AS1 
section 4.2.x for application/pgp-encrypted is inconsistent with RFC 2015.)

For example, the enveloping of an object using S/MIME Version 2
(packaged for e-mail transport using the RSA S/MIME-C libraries) appears as:

  Content-Type:application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
  Content-Transfer-Encoding:base64
  Content-Disposition:attachment;filename=smime.p7m

	[encrypted payload]

NOTE: the encrypted payload is associated with the application/pkcs7-mime 
content-type.

For the purposes of AS2, I would like to propose a slight modification to the
enveloping of PGP encrypted objects by replacing the "Version: 1", as specified
by RFC 2015, with the actual encrypted object and removing the enveloping for
application/octet-stream altogether. This enveloping is consistent with the
way S/MIME currently works.

Here is an example of an AS2 compliant HTTP POST reflecting the proposed 
changes.  This example was created using an off-the-shelf Netscape 
Communicator Browser:


POST /cgi-bin/oracle/dispatch HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.5 [en] (Win95; I)
Host: localhost:2600
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Content-type: multipart/form-data; boundary=---------------------------12164286314927
Content-Length: 1033

-----------------------------12164286314927
Content-Disposition: form-data; name="from"

900100001
-----------------------------12164286314927
Content-Disposition: form-data; name="to"

800200002
-----------------------------12164286314927
Content-Disposition: form-data; name="input-format"

x12
-----------------------------12164286314927
Content-Disposition: form-data; name="input-data"; filename="C:\GISBLite\as2testtextfiletxt.asc"
Content-Type: application/pgp-encrypted

-----BEGIN PGP MESSAGE-----
Version: PGP 6.5

hQCMAzRG1pEOIOvdAQQAo64wVHpZRIj1/QtrYNfiyU9V4fSWRFXpGbYvsZpnTmh4
o28CbziS1DVE/kSR/OhQbPbXGP5+z7hq8cGXwvHF1EvdFawDiBDCGf2KX2PI81pd
MHXr1sODtkljpNFy8+ikRmtBUWu458Irkp5inK2D4m+hHx//leL+9GmSyhPMUdyk
k3rcuTQTioltM9SW4nsEZ7IWAFTHbNiBKPpB8l6j51O3jl74nS1ONplLyQ+zYptz
sjv4vGk6LShPIFiVlZkL9JNaW4+tySrgspUqit+VUcaWHdIVCEXUsJzBVKP0bCZE
vB5hq5aZ8scTrwHocHiSgsmFL8ysrJjlGkkKM9RwAgqdkwUqewJ43KG9fMiiPRHh
gn4CCA==
=0lrq
-----END PGP MESSAGE-----

-----------------------------12164286314927--



Dick Brooks                            dick@xxxxxxxx
Tel. 205-250-8053		       Birmingham, Alabama
Group 8760 LLC                         WWW URL:  http://www.8760.com/
SECURE ELECTRONIC COMMERCE SOLUTIONS FOR HEALTHCARE AND NATURAL GAS INDUSTRIES
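
An added example, not part of the original message or of any AS2 implementation: a Python sketch of how a receiver could locate the ciphertext under both layouts discussed above, the RFC 2015 envelope and the proposed one in which the application/pgp-encrypted part carries the armored message itself. The function name and the sample messages are constructed for illustration (the armor bodies are placeholders), and the code works on the MIME entity only, not on the multipart/form-data POST.

```python
from email import message_from_string

PGP = "application/pgp-encrypted"
ARMOR = "-----BEGIN PGP MESSAGE-----"
# Constructed samples; the armored bodies are placeholders, not real ciphertext.
BODY = ARMOR + "\n\nPLACEHOLDER\n-----END PGP MESSAGE-----\n"
RFC2015_SAMPLE = (
    'Content-Type: multipart/encrypted; boundary=foo; protocol="' + PGP + '"\n\n'
    "--foo\nContent-Type: " + PGP + "\n\nVersion: 1\n\n"
    "--foo\nContent-Type: application/octet-stream\n\n" + BODY + "--foo--\n"
)
PROPOSED_SAMPLE = "Content-Type: " + PGP + "\n\n" + BODY
CONTROL_ONLY = "Content-Type: " + PGP + "\n\nVersion: 1\n"


def locate_pgp_payload(raw):
    """Return (layout, armored_text); raise ValueError on anything else."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        parts = msg.get_payload()
        if msg.get_param("protocol") != PGP or not msg.is_multipart() or len(parts) != 2:
            raise ValueError("not a two-part PGP/MIME envelope")
        control, data = parts
        if control.get_content_type() != PGP or "Version: 1" not in control.get_payload():
            raise ValueError("first part must be the clear-text control data")
        if data.get_content_type() != "application/octet-stream":
            raise ValueError("second part must be application/octet-stream")
        body, layout = data.get_payload().strip(), "rfc2015"
    elif ctype == PGP:
        # Proposed layout: the same MIME type now labels the ciphertext itself.
        body, layout = msg.get_payload().strip(), "proposed"
    else:
        raise ValueError("no PGP envelope: " + ctype)
    if not body.startswith(ARMOR):
        # e.g. an RFC 2015 control part handed in on its own
        raise ValueError("part carries no armored PGP message")
    return layout, body


if __name__ == "__main__":
    for sample in (RFC2015_SAMPLE, PROPOSED_SAMPLE):
        layout, body = locate_pgp_payload(sample)
        print(layout, len(body))
```

The final armor check matters because application/pgp-encrypted means clear-text control data under RFC 2015 but ciphertext under the proposal, so the content type alone does not tell a receiver which one it has.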