Topic: Has anyone done a CHALLENGE before?

I'm working on building an OFX library currently.  Yah, I know that there's another library already out there I could probably use, but I'm not sure it attempts to do what I'm doing here.  Which is starting to make me think that what I'm trying to do is impossible...

This is the request I'm trying to issue against my bank:

OFXHEADER:100
DATA:OFXSGML
VERSION:160
SECURITY:NONE
ENCODING:UTF-8
CHARSET:NONE
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:30fea0c2-3232-4bf0-bbff-b78eaabe6781

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20101219012408
<USERID>anonymous00000000000000000000000
<USERPASS>anonymous00000000000000000000000
<LANGUAGE>ENG
<APPID>MONTK
<APPVER>0001
</SONRQ>
<CHALLENGETRNRQ>
<TRNUID>890b2877-3eb7-4481-a4dd-eb3b502cb329
<CHALLENGERQ>
<USERID>5871209
</CHALLENGERQ>
</CHALLENGETRNRQ>
</SIGNONMSGSRQV1>
</OFX>

I have already successfully gotten a PROF response from them, which does show that they accept (and would appreciate?) a TYPE1 login:

<SIGNONMSGSET>
<SIGNONMSGSETV1>
<MSGSETCORE>
<VER>1
<URL>https://mybank.com/ofx/ofx.dll
<OFXSEC>TYPE1
<TRANSPSEC>Y
<SIGNONREALM>ULTDUA
<LANGUAGE>ENG
<SYNCMODE>LITE
<RESPFILEER>Y
<SPNAME>ULTRADATA Corporation
</MSGSETCORE>
</SIGNONMSGSETV1>
</SIGNONMSGSET>

However, all attempts to issue the above query result in a "400 Request file format error" message.

I've gone over the syntax (in NOTEPAD) dozens of times now, gone over the DTD, modified the SSL implementation I'm using to restrict it to the 7 ciphers that OFX permits, set the security in the header to TYPE1, etc.

I must admit I'm a bit confused as to how to assemble this kind of request.  The spec (2.5.1) doesn't say that I can use an anonymous SON request with CHALLENGE, but I'm not quite sure what I should put there in its place (TYPE1 is there to protect the password, right?)

I've done plenty of googling, but the majority of the relevant matches simply say "This request is the first step in doing a TYPE1 authentication.  We do not support this request".

I'm hoping this is a stupid typo somewhere.  As stated before, I was able to get a PROF response out, but this would also be the first request I made that includes a TRNUID.  Or is this the kind of thing where I should just give up and not support TYPE1 because no one can figure out how this is supposed to work?

This isn't supposed to be a difficult request; it's the next one in the list where things get messy...
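
Added example, not part of the original post: a minimal Python parser for the OFX 1.x SGML quoted above, where leaf elements such as <OFXSEC> carry a value and no closing tag, used to read the signon security that the profile response advertises. The function names are hypothetical and the sample is the fragment from the post; empty leaf values and repeated aggregates are not handled.

```python
import re

# Constructed sample: the MSGSETCORE fragment quoted in the post.
PROF_FRAGMENT = """<SIGNONMSGSET>
<SIGNONMSGSETV1>
<MSGSETCORE>
<VER>1
<URL>https://mybank.com/ofx/ofx.dll
<OFXSEC>TYPE1
<TRANSPSEC>Y
<SIGNONREALM>ULTDUA
<LANGUAGE>ENG
<SYNCMODE>LITE
<RESPFILEER>Y
<SPNAME>ULTRADATA Corporation
</MSGSETCORE>
</SIGNONMSGSETV1>
</SIGNONMSGSET>"""

TOKEN = re.compile(r"<(/?)([A-Za-z0-9_.]+)>([^<]*)")

def parse_ofx_sgml(text):
    """Parse OFX 1.x SGML into nested dicts (hypothetical helper)."""
    root = {}
    stack = [("", root)]                      # (open aggregate name, its dict)
    for closing, name, value in TOKEN.findall(text):
        value = value.strip()
        if closing and stack[-1][0] == name:
            stack.pop()                       # end of the current aggregate
        elif closing and isinstance(stack[-1][1].get(name), str):
            continue                          # optional close tag on a leaf
        elif closing:
            raise ValueError(f"unexpected </{name}>")
        elif value:
            stack[-1][1][name] = value        # leaf: <TAG>value
        else:
            child = {}
            stack[-1][1][name] = child        # aggregate: <TAG> ... </TAG>
            stack.append((name, child))
    if len(stack) != 1:
        raise ValueError(f"unclosed <{stack[-1][0]}>")
    return root

def signon_security(profile):
    """Return what the profile says about password and transport protection."""
    core = profile["SIGNONMSGSET"]["SIGNONMSGSETV1"]["MSGSETCORE"]
    return {"ofxsec": core["OFXSEC"], "tls_required": core["TRANSPSEC"] == "Y", "url": core["URL"]}
```
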