Being new on this list I
don’t know if it has been given before but:
OpenAS2 is a free
open-source implementation of EDIINT AS2.
Of course its
interoperability is not certified.
It’s quite new
(first release end of May), but I have tested it and it works quite well. It
can’t be compared to commercial products yet but I think it’s
promising.
The OpenAS2 project:
http://www.openas2.org
and it is hosted on
sourceforge.org:
http://sourceforge.net/projects/openas2
I am not part of this
project or related to them in any way.
Maybe I will contact them
and ask them to make some more official announcement on this list.
-----------------------------------------
Ludan STOECKLE
DSI
Groupe Casino - Etudes
04 77 45 48 01
-----Message d'origine-----
De : Paul V Ford-Hutchinson
[mailto:paulfordh@xxxxxxxxxx]
Envoyé : jeudi 5 juin 2003
18:55
À : lstoeckle@xxxxxxxxxxxxxxxx
Objet : RE : AS2-SMIME : has
the certificate to be included inside the si gnatu re?
Ludan - what is 'OpenAS2' - is there a pointer you can give
me to it please ?
Cheers,
Paul
--
Paul Ford-Hutchinson : eCommerce application security :
paulfordh@xxxxxxxxxx
MPT-6, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5JL +44 (0)1926 462005
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
|
|
lstoeckle@xxxxxxxxxxxxxxxx
Sent by: owner-ietf-ediint@xxxxxxxxxxxx
05/06/2003
16:27
|
To:
ietf-ediint@xxxxxxxxxxxxxxxx
cc:
Subject:
RE : AS2-SMIME : has the certificate to be included inside the si
gnatu re?
|
Thanks for
your answer.
In fact I have
interoperability issues between OpenAS2 and a commercial AS2-certified product
(I will not say which one).
I'm pretty sure
OpenAS2 doesn't send the certificate inside the signature when it sends a
message (the signature part is too short to be contain the certificate). But
this produces a signature checking error on the commercial product, and I do
believe it's due to the lack of certificate: this commercial product uses
OpenSSL, and in the log the command line calls are visible; and with this
command line OpenSSL is not able to check the signature even if it is available
on the computer.
I'd really like
to know what's inside the spec about this.
Thanks,
Ludan Stoecklé.
-----Message d'origine-----
De : Jess Sightler
[mailto:jsightler@xxxxxxxxxxxxxxxxxxxx]
Envoyé : jeudi
5 juin 2003 14:36
À :
lstoeckle@xxxxxxxxxxxxxxxx
Cc : ietf-ediint@xxxxxxxxxxxxxxxx
Objet : Re:
AS2-SMIME : has the certificate to be included inside the signatu re?
I can't speak
100% from the spec on this, but I know that iSoft makes
sending the
Certificate with a signature optional.
Based on that, I
believe that it is an option to not send the cert. I
believe that
sending the Cert would be a good practice, however.
Thanks,
Jess
On Thu,
2003-06-05 at 09:58, lstoeckle@xxxxxxxxxxxxxxxx wrote:
> Hello,
>
>
>
> I am new on
this list - and I need your help.
>
>
>
> AS2: when
sending a signed message (the original message which can
> also be
signed, or a signed MDN), has the signer's certificate to be
> included
inside of the signature MIME part?
>
> Is it
mandatory or should AS2 compliant products accept both? (signed
> messages
containing the cert, or not containing it, in which case they
> would try to
find a certificate on the local key store etc.)
>
>
>
> Regards,
>
>
-----------------------------------------
> Ludan
STOECKLE
> DSI Groupe
Casino - Etudes
>
> 04 77 45 48
01
>
>
lstoeckle@xxxxxxxxxxxxxxxx
>
-----------------------------------------
>
>
>
>
>
>
--
=======================================
Jess Sightler
Senior Developer
Exim Technologies
131 Falls Street
Greenville SC
29601
Phone:
864-679-4651
=======================================
