ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

AS2 MDN Validator

Validate an AS2 Message Disposition Notification (RFC 4130) part by part, 100 % client-side. Multipart/report, disposition, MIC, S/MIME signature.

Paste an AS2 MDN (with Content-Type: multipart/report header) to validate it.

How it works

AS2 (Applicability Statement 2, defined by RFC 4130) carries EDI messages (EDIFACT, X12, XML, JSON…) over HTTPS between B2B partners. When a message is received, the recipient returns a Message Disposition Notification (MDN) — synchronous or asynchronous — that structurally attests reception and reports the outcome of application-level processing.

An AS2 MDN is a MIME envelope: multipart/report; report-type=disposition-notification containing two or three parts — a human-readable text body, a structured disposition section (message/disposition-notification), and optionally a detached S/MIME signature (application/pkcs7-signature). The tool parses the whole envelope, extracts the disposition headers, and checks the Received-Content-MIC for shape consistency.

AS2 MDN structure

Content-Type: multipart/report; report-type=disposition-notification;
	boundary="--MDN-Boundary"

----MDN-Boundary
Content-Type: text/plain

The AS2 message <msg-123@sender> was successfully received and processed.
----MDN-Boundary
Content-Type: message/disposition-notification

Reporting-UA: ediverse AS2 / 2.4.0
Original-Recipient: rfc822; ReceiverAS2ID
Final-Recipient: rfc822; ReceiverAS2ID
Original-Message-ID: <msg-123@sender>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-Content-MIC: 5lEovTjVA6VqDIWLDQz97/g6yxc=, sha256

----MDN-Boundary--

The validator reads each part independently, allowing rapid diagnosis of truncated or mis-encoded MDNs: missing boundary, missing disposition part, forgotten Final-Recipient header. Diagnostics are emitted with stable codes (E_NO_BOUNDARY, E_MISSING_FINAL_RECIPIENT, E_BAD_MIC_FORMAT…).

Disposition codes

The Disposition field (RFC 3798 §3.2.6) reports the processing outcome:

Disposition: <action-mode>/<sending-mode>; <type>[/<modifier>]

Examples:
  automatic-action/MDN-sent-automatically; processed
  automatic-action/MDN-sent-automatically; processed/warning
  automatic-action/MDN-sent-automatically; failed/error
  manual-action/MDN-sent-manually; denied
  • processed — success. The message was received and processed; a warning modifier signals a non-blocking issue.
  • failed — failure, typically with the error modifier plus Error: / Failure: extension headers.
  • denied — refused without processing (filter, policy, unknown partner).

MIC and algorithms

The Received-Content-MIC is the cryptographic digest of the original payload computed by the recipient. Format: <base64 digest>, <algorithm>. The sender compares it against the MIC it initially computed to guarantee transport integrity.

AS2-recognised algorithms (RFC 5751):

  • sha256, sha384, sha512 — recommended.
  • sha1, md5 — legacy, cryptographically weak. The tool emits a W_WEAK_MIC_ALG warning.

Limits

  • The validator does not recompute the MIC against the original payload (which is not part of the MDN). Only shape and algorithm are checked.
  • The detached S/MIME signature is detected but not verified: no certificate chain is resolved, no trust anchor is consulted.
  • HTTP transport headers (AS2-To, AS2-From, Disposition-Notification-Options…) are not required — the validator handles the MDN body alone, as it would have been POSTed back synchronously or sent asynchronously.

Privacy

Last updated: May 18, 2026