[ https://issues.apache.org/jira/browse/CAMEL-18962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848593#comment-17848593 ]
Jono Morris edited comment on CAMEL-18962 at 5/23/24 10:02 AM: --------------------------------------------------------------- I think if the consumer held a certificate for the purposes of authenticating message digital signatures it would make sense for authentication to fail if it received an unsigned message and return an "Error: authentication-failed". (This disposition-modifier is mentioned in the spec for when the receiver can't authenticate the sender.) Probably the same for decryption. There's a "Error: description-failed" disposition-modifier in the spec also for the the receiver can't decrypt the message. was (Author: jono): I think if the consumer held a certificate for the purposes of authenticating message digital signatures it would make sense for authentication to fail if it received an unsigned message and return an "Error: authentication-failed". (This disposition-modifier is mentioned in the spec for when the receiver can't authenticate the sender.) > camel-as2 - AS2Consumer always accepts unencrpted/unsigned data > --------------------------------------------------------------- > > Key: CAMEL-18962 > URL: https://issues.apache.org/jira/browse/CAMEL-18962 > Project: Camel > Issue Type: Improvement > Components: camel-as2 > Reporter: dennis lucero > Priority: Minor > > When setting up an AS2Cosumer (server) security is important. Thus in mind > AS2 should use encryption and signing to verify the incoming data before > processing it (or supplying the message for further processing). That assures > that the originator of the data is a trusted party. > Camel AS2 consumer accepts encrypted and signed data and at least decryption > is working. > *Problem* > The problem is that the consumer also accepts unencrypted data. So even if I > only want to receive encrpyted data from a trusted party, some third party > disguised as the trused party, could send a malicious unencrypted payload > and the server would just accept and process it. > For example sending plain data with the content type "application/edifact" is > always accepted. > *Possible solution* > The consumer should be configurable what content type is allowed. Also the > already existing producer-parameter "as2MessageStructure" may be used for > that purpose. > -- This message was sent by Atlassian Jira (v8.20.10#820010)