AS3
Applicability Statement 3. The FTP transport profile of the AS family, with S/MIME security and MDN acknowledgment. Marginal adoption.
Definition
AS3 is defined by RFC 4823 (April 2007), FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet. Its principle:
- The EDI payload (EDIFACT, X12, XML) is encapsulated in S/MIME — typically
application/pkcs7-mimesigned and encrypted (PKCS #7 / CMS). - The S/MIME message is dropped onto an FTP server (or FTPS / SFTP, AS3 allows the three variants depending on configuration).
- A Message Disposition Notification (MDN) is returned, either synchronously or asynchronously.
- Non-repudiation proof comes from the signed MDN, which transports the original message's MIC (Message Integrity Check) — exactly like in AS2.
Origin
AS3 was born in late 2007 in the same IETF EDIINT series as AS1 (RFC 3335, SMTP) and AS2 (RFC 4130, HTTP/S). The goal: offer an FTP-friendly alternative to AS2 for organisations whose infrastructure was still centred on FTP servers. In practice, adoption remained confidential: AS2 dominates internet EDI, and the move to AS4 (since 2015 in PEPPOL) absorbs the modernisation demand. AS3 survives in some North American pharmacy and grocery niches.
Example in context
A US pharmacy chain sends an EDIFACT order to a manufacturer. The partner mandates AS3. The sender wraps the EDIFACT message in S/MIME signed+encrypted, drops the .pkcs7 file on the third-party operator's FTPS server. The manufacturer pulls it, verifies the signature, decrypts, processes, then drops a signed MDN on the sender's FTPS server. The non-repudiation proof is the archived pair {`message, signed MDN`}.