Unsigned MDN warning

jorgero

Hi,

I'm getting the following error/warning when sending messages with mendelson opensource AS2 1.1 b27 without requiring a signed MDN from partner:


The Message Integrity Code (MIC) does not match the sent AS2 message (required: Ap1u0wAQtwJbIEv4DMMYX4EDjhw=, sha1, returned: null).

I believe that Received-content-MIC field is mandatory only for signed MDNs, so this check shouldn't be done for unsigned MDNs...

Regards,
Gabi

heller

Gabi,

This message is a notification only, without any effect on the transaction. But thank you for the hint, I didn't know so far that the MIC is only mandatory for signed MDNs.

I found the following part in the AS3 specs, but nothing in an AS2 spec or RFC. But here it says that the MIC calculation is mandatory in any case.

- For any signed messages, the MIC to be returned is calculated on
the RFC1767 MIME header and content. Canonicalization as specified
in RFC 1848 MUST be performed before the MIC is calculated, since
the sender requesting the signed receipt was also REQUIRED to
canonicalize.

- For encrypted, unsigned messages, the MIC to be returned is
calculated on the decrypted RFC 1767 MIME header and content. The
content after decryption MUST be canonicalized before the MIC is
calculated.

- For unsigned, unencrypted messages, the MIC MUST be calculated
over the message contents prior to Content-Tranfer-Encoding and
without the MIME or any other RFC 822 headers, since these are
sometimes altered or reordered by MTAs.

from: http://xml.coverpages.org/draft-ietf-ediint-as3-00.txt

Could you please point me to a location/RFC where it is defined that unsigned MDNs do not need a MIC calculation in EDIINT AS2?

Regards
Heller

jorgero

Hi,

Please check RFC 4130:

- section 7.4.2 - AS2-received-content-MIC-field is optional:

    AS2-disposition-notification-content =
        [ reporting-ua-field CRLF ]
        [ mdn-gateway-field CRLF ]
        final-recipient-field CRLF
        [ original-message-id-field CRLF ]
        AS2-disposition-field CRLF
        *( failure-field CRLF )
        *( error-field CRLF )
        *( warning-field CRLF )
        *( extension-field CRLF )
        [ AS2-received-content-MIC-field CRLF ]

- section 7.4.3:

The "Received-content-MIC" extension field is set when the integrity of the received message is verified. The MIC is the base64-encoded message-digest computed over the received message with a hash function. This field is required for signed receipts but optional for unsigned receipts.

Sorry for the late reply,
Gabi

heller

Gabi,

Thank you very much for searching the RFCs for this issue. We will implement it in the next release.

Regards
Heller
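
One way to implement the rule from RFC 4130 section 7.4.3 quoted in this thread, as an added example (not mendelson AS2's code and not part of the original posts). The function names, the payload and the MDN field values are constructed for illustration, and header folding is assumed not to occur.

```python
import base64
import hashlib
import hmac

def compute_mic(content: bytes, alg: str = "sha1") -> str:
    """Base64-encoded digest over the content, as carried in Received-content-MIC."""
    return base64.b64encode(hashlib.new(alg.replace("-", ""), content).digest()).decode()

def parse_mdn_fields(report: str) -> dict:
    """Parse the 'Name: value' fields of the disposition-notification part."""
    fields = {}
    for line in report.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def check_mdn_mic(report: str, sent_mic: str, sent_alg: str, mdn_signed: bool) -> str:
    """Return 'match', 'mismatch', 'absent-ok' or 'absent-required'."""
    raw = parse_mdn_fields(report).get("received-content-mic")
    if raw is None:
        # Required for signed receipts, optional for unsigned ones. An unsigned
        # MDN without a MIC confirms receipt only, not integrity of the payload.
        return "absent-required" if mdn_signed else "absent-ok"
    mic, _, alg = (p.strip() for p in raw.partition(","))
    same_alg = alg.lower().replace("-", "") == sent_alg.lower().replace("-", "")
    same_mic = hmac.compare_digest(mic.encode(), sent_mic.encode())
    return "match" if same_alg and same_mic else "mismatch"

# Constructed sample data (not taken from a real exchange).
PAYLOAD = b"UNB+UNOA:1+SENDER+RECEIVER'\r\n"
SENT_MIC = compute_mic(PAYLOAD, "sha1")
MDN_NO_MIC = (
    "Reporting-UA: example-as2\r\n"
    "Final-Recipient: rfc822; partner-b\r\n"
    "Original-Message-ID: <msg-1@example.test>\r\n"
    "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
)
MDN_WITH_MIC = MDN_NO_MIC + f"Received-content-MIC: {SENT_MIC}, sha1\r\n"

if __name__ == "__main__":
    print(check_mdn_mic(MDN_NO_MIC, SENT_MIC, "sha1", mdn_signed=False))
    print(check_mdn_mic(MDN_NO_MIC, SENT_MIC, "sha1", mdn_signed=True))
    print(check_mdn_mic(MDN_WITH_MIC, SENT_MIC, "sha1", mdn_signed=True))
```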