Markdown Version | Transcript | Session Recording

Session Date/Time: 23 Apr 2026 14:00

EDIINT

Summary

The EDIINT Working Group met to continue the review of draft-ietf-ediint-rfc4130bis, focusing on the modernization of the AS2 protocol. The discussion covered new features such as AS2 Restart, compression support, file name preservation, and multiple attachments. Significant time was devoted to MDN (Message Disposition Notification) updates, security requirements (TLS 1.3), and certificate management trends. A poll of the room indicated unanimous support for adopting the current draft as a Working Group document.

Key Discussion Points

AS2 Feature Documentation

Debra Petta presented several features from the Sessa - rfc4130bis slide deck:

• AS2 Restart (Section 5.5): Uses HTTP range headers to resume interrupted transfers. Debra Petta clarified this is distinct from AS2 Reliability, which is a broader checkpoint framework.
• Compression (Section 5.6): Explicitly documents ZLIB compression. Debra Petta noted that compression is applied before encryption, though implementations vary on whether it occurs before or after signing.
• File Name Preservation (Section 5.7): Uses the Content-Disposition header. A 255-character limit was proposed; Bojidar Ivanov agreed this is a widely adopted limit.
• Multiple Attachments (Section 5.8): Uses multipart/related to bundle documents (e.g., invoices with packing slips).

MDN Updates and IANA Registries

The group discussed updates to Message Disposition Notifications in Section 8:

• Disposition Modifiers: Several new modifiers were introduced (e.g., decompression-failed, duplicate-file-name).
• Naming Consistency: Asger Smidt noted that unknown-trading-partner is more common in the field than unknown-trading-relationship.
• Registry Recommendation: Marc Blanchet strongly recommended moving these enumeration values into an IANA registry to allow for future extensions without updating the RFC. Debra Petta agreed to look into setting this up.

Security and TLS Requirements

A major technical discussion occurred regarding the transition to modern security standards:

• HTTPS Requirement: Marc Blanchet highlighted that current IETF policy favors HTTPS. Bojidar Ivanov suggested dropping HTTP from the new specification entirely to ensure the spec reflects modern security, even if implementations maintain HTTP for legacy support.
• TLS Versions: Bojidar Ivanov and Marc Blanchet advocated for making TLS 1.3 a "MUST" for compliance with the new RFC. Aamir Shaikh and Murali Panidepu expressed concerns regarding backward compatibility for older implementations.
• Certificate Lifetimes: Debra Petta raised the industry trend toward 47-day TLS certificate lifetimes. Joe Mandel and Erik Wramner clarified that this likely applies to end-entity certificates rather than root certificates.
• CEM (Certificate Exchange Messaging): Due to shorter certificate lifecycles, Debra Petta suggested strengthening CEM from "MAY" to "SHOULD" to support necessary automation. Erik Wramner noted CEM is primarily used for AS2/SMIME certificates rather than the TLS transport layer.

Backward Compatibility

Debra Petta outlined the migration strategy based on "Postel’s Law" (be conservative in what you send, liberal in what you accept):

• S/MIME Versions: The spec will support both S/MIME 3.2 (Enveloped Data) and S/MIME 4.0 (Auth Enveloped Data).
• Algorithm Negotiation: Implementations should detect partner capabilities via the AS2-Version header or out-of-band communication.

Decisions and Action Items

• Decision: A poll was taken on whether to adopt draft-petta-rfc4130bis as a Working Group document. The result was 13 Yes, 0 No, and 0 No Opinion. This consensus will be confirmed on the mailing list.
• Action Item: Debra Petta to update the draft to make TLS 1.3 a "MUST" and TLS 1.2 a "MAY."
• Action Item: Debra Petta to incorporate IANA considerations for disposition modifiers and header registrations.
• Action Item: Chairs to confirm the adoption of the draft on the mailing list.

Next Steps

• The Working Group will transition to monthly virtual interim meetings to maintain momentum on the large specification.
• Future discussions on the mailing list will address the potential splitting of the document into a "minimal update" (errata) vs. an "AS2 v2.0" clean baseline.
• The chairs will evaluate the need for a session at IETF 120 (Vienna) based on the low projected in-person attendance (only 2 participants indicated they would be on-site).

Chair Slides

Related Documents

draft-ietf-ediint-rfc4130bis, draft-petta-rfc4130bis