This page is currently a copy of the previous consultation page, restricted to SMCO and profile specialists and will need to be updated!

...

The eDelivery team is opening a Public Consultation on a new Draft Specification public consultation on the updated draft specification of the eDelivery AS4 profile 2.0, available here. The proposed specification was designed to work together with the new Draft Specification draft specification of the eDelivery SMP profile 2.0, which is equally open for public consultation.

The first change of the profile included Updates to the security section concerning message signing, message encryption and Transport Layer Security. It also included a new profile enhance for ebCore Agreement Update

In response to the public review comments on the AS4 2.0 2023 draft profile, several changes were incorporated: the eDelivery team decided to remove the optional SBDH profile enhancement and the availability of alternative standards. Users are free to choose either SBDH or XHE as a regular payload without any further specifications and the removal of the SBDH profile enhancement will provide clarity on this.

Additionally, recommendations from cryptography and XML security experts, as well as internal evolution influenced the evolution of the profile enhancement section towards more support for elliptic curve cryptography. Additional curves, as well as a recommendation to use the type attribute when using the ebCoreParty identifiers were introduced.

Further changes in the message encryption section of the Common Profile concern the use of key transport algorithms, including the adoption of key derivation function HKDF over ConcatKDF.

Read about the updates to the security section, recommendations from cryptographic experts as well as the detailed response to the previous consultation on the AS4 2.0 profile.

The version of the new updated draft specification is set to 2.0 to illustrate that this is a backwards-incompatible evolution of the profile in that Access Points configured to operate with profile version 2.0 cannot exchange messages with Access Points configured to operate with profile version 1.x. It is noted that the backward incompatibility at the profile level does not preclude implementations from supporting both profile versions in the same product and allowing through configuration the parallel use of both versions (e.g., version 1.x when interacting with a legacy Access Point and version 2.0 when interacting with a new Access Point).

Compared to the current version, this new draft specification updates the security section by adopting more state-of-the art protocols and algorithms and proposes two new Profile Enhancements.

Updates to security section

The security parameters included in the eDelivery AS4 profile versions 1.x were high-end when they were selected but have only been marginally updated since 2014. The current profile is still secure but is no longer leading edge. New algorithms and key types based on elliptic curve cryptography are commonplace and their use is expected for new applications and protocols. The recently adopted IETF RFC 9231 allows their use in the XML Security, WS-Security and AS4 standards. By aligning the eDelivery AS4 profile with state-of-the-art security we look to provide continuity and investment protection.

Following the consultation of independent cryptography and XML encryption experts, the following changes are proposed:

• for message signing, mandatory support for signing using Ed25519 (elliptic curve signature algorithm using EdDSA and Curve25519) is proposed in the Common Profile, replacing RSA.
• for message encryption, mandatory support for encryption using X25519 (Elliptic Curve Diffie-Hellman Key Exchange using Curve25519) is proposed in the Common Profile, replacing RSA-OAEP key transport. The use of ECDH allows two parties to jointly agree on a shared secret using an insecure channel. The Common Profile proposes the use of ECDH in ephemeral-static mode (ECDH-ES), which requires a stable shared recipient public key and a constantly changing sender public key.
• optionally, the use of ECDH in full ephemeral mode (ECDHE) is available in combination with the new ebCore Agreement Update profile enhancement that can be used to frequently replace the stable shared recipient public key.
• optionally, support for ECDSA with Brainpool curves is proposed as a profile enhancement for cryptographic agility and/or interoperability with MS schemes.
• modern TLS cipher suites and support for version 1.3 of Transport Layer Security are introduced and recommended in the Common Profile.

New Profile Enhancement for ebCore Agreement Update

The new version of the profile proposes the introduction of support for ebCore Agreement Update, an OASIS specification for interoperable message-based updating of messaging configurations. The use of ebCore Agreement Update allows the automation of configuration changes for direct trust / mutual exchange networks after the initial configuration, since upcoming certificate and/or endpoint changes can be communicated ahead of time using an existing secure and trusted channel. Communicating parties can then switch to them at the date & time agreed as part of the message exchange. This removes the dependency on central services. Certificate updates can include signing, encryption and key exchange certificates. Endpoint updates can include endpoint URLs, profile versions, algorithms and network security updates (e.g., outgoing/incoming IPs that must be configured in the firewall).

Where security is concerned, ebCore Agreement Update can be used to approximate full ephemeral ECDH since each party can be configured to automatically send a new key to each communication partner with some predefined frequency. The key could be the same for all partners or partner-specific.

New Profile Enhancement for supporting alternative curves and algorithms

In addition to the algorithms and curves proposed for the Common Profile, additional ones may be supported via implementation of this proposed profile enhancement: ECDSA for signing and key agreement based on Brainpool curves.

...

...

)

...

Supporting documents

For the preparation of the new Draft Specification, the eDelivery team consulted different security experts. The key documents elaborated by the experts are published below.

Please post your comments on this page or send them to EC-EDELIVERY-SUPPORT@ec.europa.eu with [eDelivery AS4 profile version 2.0 updated] in the title of the email.

...