RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 7 records.

Status: Verified (4)

RFC 4130, "MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)", July 2005

Source of RFC: ediint (app)

Errata ID: 3028
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Kyle Meadors
Date Reported: 2011-09-16
Verifier Name: Pete Resnick
Date Verified: 2011-11-12

Section 7.4.3 says:

   digest-alg-id = "sha1" | "md5"

It should say:

   digest-alg-id = "sha-1" | "sha1" | "md5"
		; The "sha1" is a legacy spelling of the "sha-1" defined hash in the IANA Textual Names Registry
		; It should be maintained for backwards compatibility

Notes:

The proper spelling is "sha-1" per http://www.iana.org/assignments/hash-function-text-names/hash-function-text. However, "sha1" should still be accepted to support backwards compatibility. The other hashes are newer ones since the RFC was published.
--VERIFIER NOTES--
Split off erratum 1974

Errata ID: 3029
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Kyle Meadors
Date Reported: 2011-09-16
Verifier Name: Pete Resnick
Date Verified: 2011-11-12

Section 7.3 says:

   The currently supported values for MIC algorithm <micalg> values are:

        Algorithm   Value Used
        ---------    -------
         SHA-1        sha1
         MD5          md5

It should say:

   The currently supported values for MIC algorithm <micalg> values are:

        Algorithm   Value Used
        ---------    -------

         SHA-1      sha-1 or sha1
         MD5        md5

Notes:

The proper spelling is "sha-1" per http://www.iana.org/assignments/hash-function-text-names/hash-function-text. However, "sha1" should still be accepted to support backwards compatibility.

Errata ID: 1575
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: r. deutsch
Date Reported: 2008-10-14
Verifier Name: Alexey Melnikov
Date Verified: 2010-05-20

Section 4.1 says:

Any difference between AS2 implantations and RFCs are
                           ^^^^^^^^^^^^^
   mentioned specifically in the sections below.

It should say:

Any difference between AS2 implementations and RFCs are
                           ^^^^^^^^^^^^^^^
   mentioned specifically in the sections below.

Notes:

The word "implantations" should be "implementations".

Errata ID: 4743
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Joe Touch
Date Reported: 2016-07-15
Verifier Name: Orie Steele
Date Verified: 2024-03-29

Section A.3, A.4 says:

A.3.  Signed, Encrypted Message Requesting a Signed, Asynchronous
      Receipt

   Message-ID: <#as2_company#01#a4260as2_companyout#>
   Date: Thu, 19 Dec 2002 15:04:18 GMT
   From: me@example.com
   Subject: Async MDN request
   Mime-Version: 1.0
   Content-Type: application/pkcs7-mime;
     smime-type=enveloped-data; name=smime.p7m
   Content-Transfer-Encoding: binary
   Content-Disposition: attachment; filename=smime.p7m
   Recipient-Address: 10.240.1.2//
   Disposition-Notification-To:
     http://10.240.1.2:8201/exchange/as2_company
   Disposition-Notification-Options: signed-receipt-protocol=optional,
    pkcs7-signature; signed-receipt-micalg=optional,sha1
   Receipt-Delivery-Option:
     http://10.240.1.2:8201/exchange/as2_company
   AS2-From: as2_company
   AS2-To: "AS2 Test"
   AS2-Version: 1.1
   Host: 10.240.1.2:8101
   Connection: close
   Content-Length: 3428

     [omitted binary encrypted data]



Moberg & Drummond           Standards Track                    [Page 44]

RFC 4130     AS2 for Business Data Interchange Using HTTP      July 2005


A.4.  Asynchronous MDN for Message A.3, Above

   POST / HTTP/1.1
   Host: 10.240.1.2:8201
   Connection: close, TE
   TE: trailers, deflate, gzip, compress
   User-Agent: RPT-HTTPClient/0.3-3I (Windows 2000)
   Date: Thu, 19 Dec 2002 15:03:38 GMT
   Message-ID: <AS2-20021219_030338@as2_company.dgi_th>
   AS2-Version: 1.1
   Mime-Version: 1.0
   Recipient-Address:
   http://10.240.1.2:8201/exchange/as2_company
   AS2-To: as2_company
   AS2-From: "AS2 Test"
   Subject: Your Requested MDN Response
   From: as2debug@example.com
   Accept-Encoding: deflate, gzip, x-gzip, compress, x-compress
   Content-Type: multipart/signed; micalg=sha1;
     protocol="application/pkcs7-signature";
     boundary="----=_Part_337_6452266.1040310218750"
   Content-Length: 3103

   ------=_Part_337_6452266.1040310218750
   Content-Type: multipart/report;
     report-type=disposition-notification;
     boundary="----=_Part_336_6069110.1040310218718"

   ------=_Part_336_6069110.1040310218718
   Content-Type: text/plain; charset=us-ascii
   Content-Transfer-Encoding: 7bit

   The message <x12.edi> sent to Recipient <AS2 Test> on Thu, 19 Dec
   2002 15:04:18 GMT with Subject <async MDN request> has been received.
   The EDI Interchange was successfully decrypted, and its integrity was
   verified.  In addition, the sender of the message, Sender
   <as2_company> at Location http://10.240.1.2:8201/exchange/as2_company
   was authenticated as the originator of the message.  There is no
   guarantee, however, that the EDI interchange was syntactically
   correct, or that it was received by the EDI application/translator.











Moberg & Drummond           Standards Track                    [Page 45]

RFC 4130     AS2 for Business Data Interchange Using HTTP      July 2005


   ------=_Part_336_6069110.1040310218718
   Content-Type: message/disposition-notification
   Content-Transfer-Encoding: 7bit

   Reporting-UA: AS2@test:8101
   Original-Recipient: rfc822; "AS2 Test"
   Final-Recipient: rfc822; "AS2 Test"
   Original-Message-ID: <#as2_company#01#a4260as2_companyout#>
   Disposition: automatic-action/MDN-sent-automatically;
     processed
   Received-Content-MIC: Hes6my+vIxIYxmvsA+MNpEOTPAc=, sha1

   ------=_Part_336_6069110.1040310218718--

   ------=_Part_337_6452266.1040310218750
   Content-Type: application/pkcs7-signature; name=smime.p7s
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7s

   BhbWjEfbyXoTAS/H0zpnEqLqbaBh29y2v82b8bdeGw8pipBQWmf53hIcqHGM
   4ZBF3CHw5Wrf1JIE+8TwOzdbal30zeChw88WfRfD7c/j1fIA8sxsujvf2d9j
   UxCUga8BVdVB9kH0Geexytyt0KvWQXfaEEcgZGUAAAAAAAA=

   ------=_Part_337_6452266.1040310218750-

It should say:

A.3.  Signed, Encrypted Message Requesting a Signed, Asynchronous
      Receipt

   Message-ID: <#as2_company#01#a4260as2_companyout#>
   Date: Thu, 19 Dec 2002 15:04:18 GMT
   From: me@example.com
   Subject: Async MDN request
   Mime-Version: 1.0
   Content-Type: application/pkcs7-mime;
     smime-type=enveloped-data; name=smime.p7m
   Content-Transfer-Encoding: binary
   Content-Disposition: attachment; filename=smime.p7m
   Recipient-Address: 10.240.1.2//
   Disposition-Notification-To:
     http://10.240.1.2:58201/exchange/as2_company
   Disposition-Notification-Options: signed-receipt-protocol=optional,
    pkcs7-signature; signed-receipt-micalg=optional,sha1
   Receipt-Delivery-Option:
     http://10.240.1.2:58201/exchange/as2_company
   AS2-From: as2_company
   AS2-To: "AS2 Test"
   AS2-Version: 1.1
   Host: 10.240.1.2:58101
   Connection: close
   Content-Length: 3428

     [omitted binary encrypted data]



Moberg & Drummond           Standards Track                    [Page 44]

RFC 4130     AS2 for Business Data Interchange Using HTTP      July 2005


A.4.  Asynchronous MDN for Message A.3, Above

   POST / HTTP/1.1
   Host: 10.240.1.2:58201
   Connection: close, TE
   TE: trailers, deflate, gzip, compress
   User-Agent: RPT-HTTPClient/0.3-3I (Windows 2000)
   Date: Thu, 19 Dec 2002 15:03:38 GMT
   Message-ID: <AS2-20021219_030338@as2_company.dgi_th>
   AS2-Version: 1.1
   Mime-Version: 1.0
   Recipient-Address:
   http://10.240.1.2:58201/exchange/as2_company
   AS2-To: as2_company
   AS2-From: "AS2 Test"
   Subject: Your Requested MDN Response
   From: as2debug@example.com
   Accept-Encoding: deflate, gzip, x-gzip, compress, x-compress
   Content-Type: multipart/signed; micalg=sha1;
     protocol="application/pkcs7-signature";
     boundary="----=_Part_337_6452266.1040310218750"
   Content-Length: 3103

   ------=_Part_337_6452266.1040310218750
   Content-Type: multipart/report;
     report-type=disposition-notification;
     boundary="----=_Part_336_6069110.1040310218718"

   ------=_Part_336_6069110.1040310218718
   Content-Type: text/plain; charset=us-ascii
   Content-Transfer-Encoding: 7bit

   The message <x12.edi> sent to Recipient <AS2 Test> on Thu, 19 Dec
   2002 15:04:18 GMT with Subject <async MDN request> has been received.
   The EDI Interchange was successfully decrypted, and its integrity was
   verified.  In addition, the sender of the message, Sender
   <as2_company> at Location 
   http://10.240.1.2:58201/exchange/as2_company
   was authenticated as the originator of the message.  There is no
   guarantee, however, that the EDI interchange was syntactically
   correct, or that it was received by the EDI application/translator.











Moberg & Drummond           Standards Track                    [Page 45]

RFC 4130     AS2 for Business Data Interchange Using HTTP      July 2005


   ------=_Part_336_6069110.1040310218718
   Content-Type: message/disposition-notification
   Content-Transfer-Encoding: 7bit

   Reporting-UA: AS2@test:58101
   Original-Recipient: rfc822; "AS2 Test"
   Final-Recipient: rfc822; "AS2 Test"
   Original-Message-ID: <#as2_company#01#a4260as2_companyout#>
   Disposition: automatic-action/MDN-sent-automatically;
     processed
   Received-Content-MIC: Hes6my+vIxIYxmvsA+MNpEOTPAc=, sha1

   ------=_Part_336_6069110.1040310218718--

   ------=_Part_337_6452266.1040310218750
   Content-Type: application/pkcs7-signature; name=smime.p7s
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7s

   BhbWjEfbyXoTAS/H0zpnEqLqbaBh29y2v82b8bdeGw8pipBQWmf53hIcqHGM
   4ZBF3CHw5Wrf1JIE+8TwOzdbal30zeChw88WfRfD7c/j1fIA8sxsujvf2d9j
   UxCUga8BVdVB9kH0Geexytyt0KvWQXfaEEcgZGUAAAAAAAA=

   ------=_Part_337_6452266.1040310218750-

Notes:

Port numbers used in examples need to either refer to the intended service (e.g., 80 for HTTP) or use dynamic ports (49152-65535). The examples provided used examples in the assigned User ports range (8101, 8201) both as source and destination, and neither is appropriate for the example service described.

The simplest change was to add a "5" in front of the numbers, placing them in the dynamic range (e.g., 58101, 58201).

Status: Rejected (3)

RFC 4130, "MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)", July 2005

Source of RFC: ediint (app)

Errata ID: 2973
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Kyle Meadors
Date Reported: 2011-09-16
Rejected by: Pete Resnick
Date Rejected: 2011-11-12

Section 7.3 says:

   The currently supported values for MIC algorithm <micalg> values are:

        Algorithm   Value Used
        ---------    -------
         SHA-1        sha1
         MD5          md5

It should say:

   The currently supported values for MIC algorithm <micalg> values are:

        Algorithm   Value Used
        ---------    -------

         SHA-1      sha-1 or sha1
         MD5        md5
         SHA-224    sha-224
         SHA-256    sha-256
         SHA-384    sha-384
         SHA-512    sha-512

Notes:

The proper spelling is "sha-1" per http://www.iana.org/assignments/hash-function-text-names/hash-function-text. However, "sha1" should still be accepted to support backwards compatibility. The other hashes are newer ones since the RFC was published.
--VERIFIER NOTES--
A separate erratum was issued with the SHA1/SHA-1 fix. The additional algorithms cannot be added in an erratum.

Errata ID: 2974
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Kyle Meadors
Date Reported: 2011-09-16
Rejected by: Peter Saint-Andre
Date Rejected: 2011-11-12

Section 7.4.3 says:

   digest-alg-id = "sha1" | "md5"

It should say:

   digest-alg-id = "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512" | "sha1" | "md5"
		; The "sha1" is a legacy spelling of the "sha-1" defined hash in the IANA Textual Names Registry
		; It should be maintained for backwards compatibility

Notes:

The proper spelling is "sha-1" per http://www.iana.org/assignments/hash-function-text-names/hash-function-text. However, "sha1" should still be accepted to support backwards compatibility. The other hashes are newer ones since the RFC was published.
--VERIFIER NOTES--
Because this erratum really requires publication of a replacement RFC, in accordance with the "IESG Processing of RFC Errata for the IETF Stream" <http://www.ietf.org/iesg/statement/errata-processing.html> the appropriate processing is to reject it.

Errata ID: 3055
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: JP McCrory
Date Reported: 2011-12-20
Rejected by: Pete Resnick
Date Rejected: 2011-12-29

Throughout the document, when it says:

      Disposition: automatic-action/MDN-sent-automatically;
      processed/warning: duplicate-document

      Disposition: automatic-action/MDN-sent-automatically;
        processed/warning: duplicate-document
      Warning: An identical message already exists at the
        destination server.

      Disposition: automatic-action/MDN-sent-automatically;
        processed/warning
      Warning: duplicate-document

It should say:

(Remove/replace warning examples from section '7.5.6.  Backward Compatibility with Disposition Type, Modifier, and Extension' - see notes)

9.3.  Replay Remark

   Because business data documents normally contain transaction ids,
   replays (such as resends of not-yet-acknowledged messages) are
   discarded as part of the normal process of duplicate detection.
   Detection of duplicates by Message-Id or by business transaction
   identifiers is recommended.

(Add following comment to above section.)
   If duplicate is detected the disposition should be returned with 
   'processed' and without an error or warning status unless other
   errors occurred. Sending an error or warning on a duplicate can
   result in an endless communication loop between retransmissions
   and resulting error/warnings.

Notes:

Endless communication loops are a problem with AS2 and this is only supported by the RFC and its multiple examples of 'duplicate-document'. What most commonly happens is a file is sent synchronously to one of our partners but our two minute timeout in holding the connection for an MDN is reached. The recipients AS2 software generated the MDN but doesn't recognize the connection is no longer available for MDN return and as a result non-repudiation of receipt has not occurred. The file is later resent to the partner who then promptly sends an MDN with a processed/warning condition again not meeting our threshold of non-repudiation of receipt.

We have three or four occurrences of this exact scenario occur every week and because the RFC undercuts our ability to get AS2 software clients to address this issue at all many of our supplier are forced to manually mark their files as transmitted manually through a mailbox UI we have online.

We understand the need for duplicate detection and have our own in place but implemented in a way that endless communication loops cannot occur. Balanced duplicate detection is advised because to stringent of duplicate detection especially done within the communication protocol itself if problematic. An example of this would be partner who receive a file but then have issues in processing the data and did not take an archive of their data before processing as many do. These partners have requested our system to resend their data AS2 only to find the data is rejected before the file is received because it has the same 'message-id' as it did the first time it was sent and their AS2 software still have the message-id stored in their software's receiving records.

Again I support duplicate checking but it needs to be better defined for AS2 especially the elimination of the duplicate warning with the understanding of the unending communication loops that it can create through no fault of anyone just a missed MDN on the initial communication is all it takes.
--VERIFIER NOTES--
Aside from this being a poorly formatted report (it does not give proper original/change text and should probably have been split into multiple errata), none of this is at all appropriate for an erratum. This is a change to the examples and to add an additional warning given operational experience. This needs to be done via a document update, not an erratum.

Report New Errata



Advanced Search