Date: 2018-11-09
Time: 1415:00-16:00 CEST
Type of meeting: Gotomeeting (https://global.gotomeeting.com/join/704521469)
...
Berg, Hans <hans.berg@tickstar.com> as eDelivery Community Leader
Participants
Collanus, Risto <risto.collanus@visma.com>
Helger, Philip <philip.helger@brz.gv.at>
Langøy, Bård <bard.langoy@pagero.com>Risto Collanus (Visma / Maventa) eDelivery/TICC CMB
Bård Langöy (Pagero) eDelivery/TICC CMB
Jesper Larsen (Unlicensed) (OpenPEPPOL Operating Office)
Jerry Dimitriou (OpenPEPPOL Operating Office)
Erlend Klakegg Bergheim (Deactivated) (Difi)
Agenda
- SSL certificate policy
PEPPOL Policy
...
Information items
Decisions
...
for transport security
- Self signed certificates are not allowed (as mentioned in the PEPPOL AS2 specs)
- The SSL certificate has to be recognised by both Java and Microsoft since at least 6 months.
- Grade "A" TLS configuration according to SSL Labs (https://www.ssllabs.com/ssltest)
- Access points are not allowed to tamper with provided trust lists.
- A PEPPOL Access Point not graded "A" is considered to be unavailable with regards to the Transport Infrastructure Agreement.
Decisions
- The present TICC CMB members (Risto Collanus, Bård Langöy, Hans Berg) unanimously decided to adopt the above policy.
Action items
- Bård Langöy will draft the policy until next week.
Attachments
Attachments |
---|