Versions Compared

Old Version 1

changes.mady.by.user Verena SCZECH

Saved on

compared with

New Version Current

changes.mady.by.user Kris STRASZAK

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: close the public consultation

This page is currently a copy of the previous consultation page, restricted to SMCO and profile specialists and will need to be updated!

HTML Wrap
padding20px
border-sidebottom
border-color#ffd617
border-width3px
border-stylesolid

Public Consultation

Page properties
label
Status

Status
colourRed
titleclosed

Consulted Expert Group / StakeholdereDelivery community
OutcomeComments for input
Launch date

 

Due date

 

Main contact addressEC-EDELIVERY-SUPPORT@EC.EUROPA.EU

...

The eDelivery team is opening a Public Consultation on a new Draft Specification public consultation on the updated draft specification of the eDelivery AS4 profile 2.0, available here. The proposed specification was designed to work together with the new Draft Specification draft specifications of the eDelivery SMP profile 2.0, which is eDelivery BDXL profile 2.0 and eDelivery ebCore Party Id profile 2.0, all equally open for public consultation.

The version of the new draft specification specifications is set to 2.0 to illustrate that this is a backwards-incompatible evolution of the profile in that Access Points configured to operate with profile version 2.0 cannot exchange messages with Access Points configured to operate with profile version 1.x. It is noted that the backward incompatibility at the profile level does not preclude implementations from supporting both profile versions in the same product and allowing through configuration the parallel use of both versions (e.g., version 1.x when interacting with a legacy Access Point and version 2.0 when interacting with a new Access Point).

Compared to the current version, this new draft specification updates the security section by adopting more state-of-the art protocols and algorithms and proposes two new Profile Enhancements.

Updates to security section

The security parameters included in the eDelivery AS4 profile versions 1.x were high-end when they were selected but have only been marginally updated since 2014. The current profile is still secure but is no longer leading edge. New algorithms and key types based on elliptic curve cryptography are commonplace and their use is expected for new applications and protocols. The recently adopted IETF RFC 9231 allows their use in the XML Security, WS-Security and AS4 standards. By aligning the eDelivery AS4 profile with state-of-the-art security we look to provide continuity and investment protection.

Following the consultation of independent cryptography and XML encryption experts, the following changes are proposed:

  • for message signing, mandatory support for signing using Ed25519 (elliptic curve signature algorithm using EdDSA and Curve25519) is proposed in the Common Profile, replacing RSA.
  • for message encryption, mandatory support for encryption using X25519 (Elliptic Curve Diffie-Hellman Key Exchange using Curve25519) is proposed in the Common Profile, replacing RSA-OAEP key transport. The use of ECDH allows two parties to jointly agree on a shared secret using an insecure channel. The Common Profile proposes the use of ECDH in ephemeral-static mode (ECDH-ES), which requires a stable shared recipient public key and a constantly changing sender public key.
  • optionally, the use of ECDH in full ephemeral mode (ECDHE) is available in combination with the new ebCore Agreement Update profile enhancement that can be used to frequently replace the stable shared recipient public key.
  • optionally, support for ECDSA with Brainpool curves is proposed as a profile enhancement for cryptographic agility and/or interoperability with MS schemes.
  • modern TLS cipher suites and support for version 1.3 of Transport Layer Security are introduced and recommended in the Common Profile.

New Profile Enhancement for ebCore Agreement Update

The new version of the profile proposes the introduction of support for ebCore Agreement Update, an OASIS specification for interoperable message-based updating of messaging configurations. The use of ebCore Agreement Update allows the automation of configuration changes for direct trust / mutual exchange networks after the initial configuration, since upcoming certificate and/or endpoint changes can be communicated ahead of time using an existing secure and trusted channel. Communicating parties can then switch to them at the date & time agreed as part of the message exchange. This removes the dependency on central services. Certificate updates can include signing, encryption and key exchange certificates. Endpoint updates can include endpoint URLs, profile versions, algorithms and network security updates (e.g., outgoing/incoming IPs that must be configured in the firewall).

Where security is concerned, ebCore Agreement Update can be used to approximate full ephemeral ECDH since each party can be configured to automatically send a new key to each communication partner with some predefined frequency. The key could be the same for all partners or partner-specific.

New Profile Enhancement for supporting alternative curves and algorithms

In addition to the algorithms and curves proposed for the Common Profile, additional ones may be supported via implementation of this proposed profile enhancement: ECDSA for signing and key agreement based on Brainpool curves.

Note
titleImportant Note

The consultation is launched with the proposed selection (mandatory support for Ed25519 and X25519 and optional support for ECDSA and Brainpool curves). While from a cryptographic perspective this is the recommended approach, during the period of the public consultation, the eDelivery team will further investigate the practical implications of this choice for both AS4 implementers and end users. Based on this investigation and the input received during the consultation, the specification may be revised to mandate support for both options – (1) Ed25519 and X25519 and (2) ECDSA and Brainpool curves – in the Common Profile. You are invited to provide input regarding this matter as well.

Supporting documents

For the preparation of the new Draft Specification, the eDelivery team consulted different security experts. The key documents elaborated by the experts are published below.

Attachments
uploadfalse
oldfalse
sortByname

The first draft of the eDelivery AS4 2.0 profile included updates to the security section concerning message signing, message encryption and Transport Layer Security. It also included new profile enhancements for ebCore Agreement Update and for supporting alternative elliptic curves and algorithms. In response to the public review comments on this first draft and further internal analysis, several changes were made in the second draft:

  • the message encryption section of the Common Profile was adapted to use HKDF instead of ConcatKDF for key derivation. The specification for using HKDF in XML Security is part of the draft update RFC 9231bis.
  • the message layer security section of the Common Profile was clarified and better specified.
  • the Common Profile and the Four Corner Topology profile enhancement were updated to mandate the use of the type attribute on PartyId, originalSender and finalRecipient.
  • the SBDH profile enhancement was removed, clarifying that either SBDH or XHE can be used as regular payloads without the need for any further specifications.
  • the Alternative Elliptic Curve Cryptography Option profile enhancement lists additional mandatory curves to support and allows the use of further optional curves.

Read more about some of these updates in the disposition of public review comments published with the previous consultation on the AS4 2.0 profile.


Please post your comments on this page or send them to EC-EDELIVERY-SUPPORT@ec.europa.eu with  with [eDelivery AS4 profile version 2.0] in the title of the email.

...