[jira] [Comment Edited] (CAMEL-18962) camel-as2 - AS2Consumer always accepts unencrpted/unsigned data

Thu, 23 May 2024 02:50:21 -0700 


    [ 
https://issues.apache.org/jira/browse/CAMEL-18962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848593#comment-17848593
 ] 

Jono Morris edited comment on CAMEL-18962 at 5/23/24 9:49 AM:
--------------------------------------------------------------

I think if the consumer held a certificate for the purposes of authenticating 
message digital signatures it would make sense for authentication to fail for 
if it received an unsigned message.


was (Author: jono):
There's nothing in the AS2 spec that mentions this, and I think this would be a 
feature of Camel's AS2 implementation. 

Looking at the AWS implementation signing is optional and encryption is only 
mandatory when using HTTP; Ref 
[https://docs.aws.amazon.com/transfer/latest/userguide/as2-config-etc.html.]   
I think a site using AS2 would likely be using HTTPS terminating at a 
corporate-gateway/tls-proxy.  Additionally they could also be using 
signatures/encryption for compliance to industry standards, e.g. PCI, SOX etc., 
and they'd probably be audited for this.

> camel-as2 - AS2Consumer always accepts unencrpted/unsigned data
> ---------------------------------------------------------------
>
>                 Key: CAMEL-18962
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18962
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-as2
>            Reporter: dennis lucero
>            Priority: Minor
>
> When setting up an AS2Cosumer (server) security is important. Thus in mind 
> AS2 should use encryption and signing to verify the incoming data before 
> processing it (or supplying the message for further processing). That assures 
> that the originator of the data is a trusted party.
> Camel AS2 consumer accepts encrypted and signed data and at least decryption 
> is working.
> *Problem*
> The problem is that the consumer also accepts unencrypted data. So even if I 
> only want to receive encrpyted data from a trusted party, some third party 
> disguised as the trused party, could send a malicious unencrypted payload  
> and the server would just accept and process it.
> For example sending plain data with the content type "application/edifact" is 
> always accepted.
> *Possible solution*
> The consumer should be configurable what content type is allowed. Also the 
> already existing producer-parameter "as2MessageStructure" may be used for 
> that purpose.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to