...
Background to PEPPOL PKI v.3 migration
- Improved security. The v.2 PKI infrastructure is based on SHA-1 cryptography, which is strongly discouraged for use due to its security risks. The v.3 PKI infrastructure is based on certificates supporting SHA-256 cryptography which currently is the recommended web standard.
...
- Learn more on PKI Certificate Migration 2018.
Agenda
- PKI v.3 migrationService provider compliance
- Decide on which actions to take if a service provider does not comply with the timeline set out in PKI Certificate Migration 2018.
- T1 (Sep 3, 2018): APs must be able to receive transactions signed with either v.2 or v.3.
- T2 (Dec 1, 2018): APs must send with v.3.
- Decide on which actions to take if a service provider does not comply with the timeline set out in PKI Certificate Migration 2018.
PEPPOL Policy for transport security
- Self signed certificates are not allowed (as mentioned in the PEPPOL AS2 specs)
- The SSL certificate has to be recognised by both Java and Microsoft since at least 6 months.
- Grade "A" TLS configuration according to SSL Labs (https://www.ssllabs.com/ssltest)
- Access points are not allowed to tamper with provided trust lists.
- A PEPPOL Access Point not graded "A" is considered to be unavailable with regards to the Transport Infrastructure Agreement.
Decisions
- The present TICC CMB members (Risto Collanus, Bård Langöy, Hans Berg) unanimously decided to adopt the above policy.
Action items
...
Decisions
- -
Action items
- -
Attachments
| Attachments |
|---|