...
Type of meeting: Gotomeeting (https://www.gotomeet.me/peppoledelivery)
Participants and absentees
Chair
Berg, Hans <hans.berg@tickstar.com> as eDelivery Community Leader
...
Langøy, Bård <bard.langoy@pagero.com>
Agenda
- Define how to support SHA2 algorithms in the PEPPOL AS2 profile
- Based on "eDelivery Capability extension work group" result document, chapter 3.2 (see file at the bottom of this page).
- Migration plan is needed
Background
PEPPOL AS2 profile mandates the use of "SHA 1" as the message digest algorithm for the non-repudiation of receipt.
...
The original documents created by the eDelivery Capability Extension work group are attached at the bottom of this page for reference.
Discussion
- Current PEPPOL AS2 specification 1.01 references RFC 3851 - S/MIME 3.1 Message Specification
- RFC 3851 (dated July 2004) allows for SHA2 algorithms, but only on a voluntary basis
- https://www.ietf.org/rfc/rfc3851.txt
- RFC 5751 (dated Jan 2010) obsoletes RFC 3851 - S/MIME 3.2 Message Specification:
- https://tools.ietf.org/html/rfc5751
- It mandates the use of SHA 256 and makes the support for SHA1 and MD5 optional
- The names of the MIC algorithms change (RFC 3851: "sha256"; RFC 5751: "sha-256"), so it's easy to identify which version is used
- All changes from RFC 3851 are documented in chapter 1.6 - https://tools.ietf.org/html/rfc5751#section-1.6
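
The spelling difference noted above can be checked on the `micalg` parameter of a message's `multipart/signed` Content-Type header. The following is an added example, not part of the original minutes or of any PEPPOL specification; the function name and the sample headers are constructed for illustration, and the spelling tables follow section 3.4.3.2 of each RFC.

```python
from email import message_from_string

# micalg spellings defined by each S/MIME version (section 3.4.3.2 of both RFCs).
RFC3851 = {"md5": "MD5", "sha1": "SHA-1", "sha256": "SHA-256",
           "sha384": "SHA-384", "sha512": "SHA-512"}
RFC5751 = {"md5": "MD5", "sha-1": "SHA-1", "sha-224": "SHA-224",
           "sha-256": "SHA-256", "sha-384": "SHA-384", "sha-512": "SHA-512"}
# Digests whose support RFC 5751 makes optional.
LEGACY = {"MD5", "SHA-1"}


def classify_micalg(raw_headers):
    """Return (token, digest, spelling, legacy) for every micalg value."""
    msg = message_from_string(raw_headers)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    value = msg.get_param("micalg")
    if not value:
        raise ValueError("multipart/signed without a micalg parameter")
    results = []
    for token in str(value).split(","):  # micalg may be a comma-separated list
        name = token.strip().lower()
        old, new = RFC3851.get(name), RFC5751.get(name)
        if old and new:
            spelling = "both"            # "md5" is spelled the same in both RFCs
        elif old:
            spelling = "RFC 3851"
        elif new:
            spelling = "RFC 5751"
        else:
            spelling = "unknown"         # not a registered spelling in either RFC
        digest = old or new
        results.append((name, digest, spelling, digest in LEGACY))
    return results


# Constructed sample headers, not captured from a real access point.
_PREFIX = 'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
SAMPLE_OLD = _PREFIX + 'micalg=sha1; boundary="b1"\n\n'
SAMPLE_NEW = _PREFIX + 'micalg="sha-256"; boundary="b1"\n\n'
SAMPLE_MIXED = _PREFIX + 'micalg="sha-256, md5"; boundary="b1"\n\n'

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_MIXED):
        print(classify_micalg(sample))
```
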
Proposal
To change the usage of SHA1 to SHA 256 in the PEPPOL AS2 profile, the following steps are suggested:
...
- The usage of a separate transport profile (like "busdox-tansport-as2-ver1p0r1") is not favoured, because it would have implications not only on all APs but also on all SMPs.
-- EoD
Attachments