EBXMLMSG-111 (OASIS ebXML Messaging Services TC)

Encrypting parts of eb:Messaging header in AS4

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: AS4 Profile, Core Spec
    • Labels:
      None
    • Proposal:
      Change the sentence

      "However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header. "

      To:

      "However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header or any of its child elements. "


      Description

      Section 7.5 of the Core Spec states:

      An MSH Implementation may encrypt the eb:Messaging Container Element. It may also encrypt select child elements of the eb:Messaging header, leaving other elements unencrypted.

      Section 5.1.6 of AS4 states:

      If an AS4 user message is to be encrypted, AS4 MSH implementations MUST encrypt ALL payload parts. However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header.

      When we wrote this, it was (IIRC) our intention to rule out encryption of the eb:Messaging header as well as any of its child elements. However, the wording in AS4 only rules out encrypting the entire header and is silent about partial encryption at the child element level.

      One AS4 implementation interpreted this as meaning that partial encryption is still allowed, as it is not explicitly ruled out in AS4 and possible in ebMS3.

      That implementer also noted that full or partial encryption of the header is problematic: for example, a Receiving MSH may need to know which P-Mode to apply to an incoming message, which the headers in eb:Messaging normally facilitate, but can't if they're encrypted.
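A receiving-side conformance check for the proposed wording, as an added example that is not part of the original issue or of any AS4 implementation: it reports both a wholly encrypted eb:Messaging header and xenc:EncryptedData standing in for any of its child elements. The function name and the sample envelopes are constructed for illustration, and a SOAP 1.2 envelope is assumed.

```python
import xml.etree.ElementTree as ET

# Namespace URIs: SOAP 1.2, ebMS3 Core, XML Encryption, WS-Security 1.1.
SOAP = "http://www.w3.org/2003/05/soap-envelope"
EB = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
ENCRYPTED_BLOCKS = {f"{{{WSSE11}}}EncryptedHeader", f"{{{XENC}}}EncryptedData"}


def check_eb_messaging_cleartext(envelope: bytes) -> list[str]:
    """Return findings; an empty list means eb:Messaging is entirely cleartext."""
    if b"<!DOCTYPE" in envelope:  # SOAP messages must not carry a DTD
        return ["DOCTYPE declaration present"]
    header = ET.fromstring(envelope).find(f"{{{SOAP}}}Header")
    if header is None:
        return ["no SOAP Header"]
    messaging = header.find(f"{{{EB}}}Messaging")
    if messaging is None:
        # Whole-header encryption replaces the block, so the receiver sees no eb:Messaging.
        if any(block.tag in ENCRYPTED_BLOCKS for block in header):
            return ["eb:Messaging missing; an encrypted header block is present"]
        return ["eb:Messaging missing"]
    # Partial encryption: xenc:EncryptedData stands in for a child element or its content.
    parent_of = {child: parent for parent in messaging.iter() for child in parent}
    findings = []
    for enc in messaging.iter(f"{{{XENC}}}EncryptedData"):
        local_name = parent_of[enc].tag.rpartition("}")[2]
        findings.append(f"xenc:EncryptedData inside eb:{local_name}")
    return findings


def _envelope(header_xml: str) -> bytes:
    """Wrap header blocks in a SOAP 1.2 envelope (constructed sample input)."""
    return (
        f'<S:Envelope xmlns:S="{SOAP}" xmlns:eb="{EB}" xmlns:xenc="{XENC}" '
        f'xmlns:wsse11="{WSSE11}"><S:Header>{header_xml}</S:Header><S:Body/></S:Envelope>'
    ).encode()


# Constructed samples: cleartext header, one encrypted child, whole header encrypted.
CLEAR = _envelope("<eb:Messaging><eb:UserMessage><eb:PartyInfo/></eb:UserMessage></eb:Messaging>")
PARTIAL = _envelope("<eb:Messaging><eb:UserMessage><xenc:EncryptedData/></eb:UserMessage></eb:Messaging>")
WHOLE = _envelope("<wsse11:EncryptedHeader><xenc:EncryptedData/></wsse11:EncryptedHeader>")

if __name__ == "__main__":
    for name, sample in (("clear", CLEAR), ("partial", PARTIAL), ("whole", WHOLE)):
        print(name, check_eb_messaging_cleartext(sample))
```

Running the check before P-Mode resolution lets a Receiving MSH reject such a message with a clear reason instead of failing later on a missing routing value.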

    People

    • Assignee: Unassigned
    • Reporter: pvde Pim van der Eijk (Inactive)