...

1. Version 0.9.2: remove it
2. 4.2. Configuration of Transport Level Security (TLS): Allow port 443 and port range 44300-44399.
3. 4.7. Use of PEPPOL PKI: Add the sentence "AS4 message level encryption MUST be used even though TLS is used."
4. Section 4.4 Feedback when receiver is not serviced: Explain what MSH means and that the meaning of "Payload" is the SBDH. Maybe find a better term for "custom validations" as it might be misinterpreted.
   
5. Section 4.4 Feedback when receiver is not serviced: Sentence number 2, change it to "If a MSH is able to validate the SBDH payload inside the AS4 User Message during the ebMS message processing, it is RECOMMENDED that the Access Point includes the check on the addressee."
6. Section 4.5 Party Identification: Ask Martin Forsberg to Elaborate on why he has requested if "PMode.Initiator.Role and Responder. Role could be assigned more generic identifiers".
7. Section 4.6 Service, action and role: Replace "PEPPOL BIS" with "business documents"
8. Section 4.10 Message packaging: Add sentence that "compress first, then encrypt"
9. Section 4.2 Configuration of Transport Level Security (TLS): Add sentence "TLS v1.2 MUST be supported. Older versions (SSL v2, SSL v3, TLS 1.0 and TLS 1.1) MUST NOT be used. Versions newer than TLS v1.2 might be used upon mutual agreement via the TLS handshake."

10. Feedback when receiver is not serviced

Proposal

-- EoD

Attachments

...