Page Comparison

...

1. Create a new version of the PEPPOL AS2 specification (e.g. v1.2 - not v1.1!) that references RFC 5751 instead of RFC 3851; maybe add a note what the implications are (SHA-256 mandatory)
2. Decide on a point in time where only the new algorithm names (with '-') will be supported
3. Define a grace period, where sender must be able to support both versions of the algorithm names (with '-' and without '-')
   1. By default the message should be send with "sha-256" algorithm
   2. If that fails, than the sender must fall back to "sha1" algorithm
   3. The implications are: each sending AP must be able to fallback (at a certain point in time)
4. Starting on X 1^st, senders and receivers MAY start using "sha-256", receivers may start supporting "sha-256"
5. Starting on Y 1^st, all receivers MUST support "sha-256" in parallel to "sha1"
6. Starting on Z 1^st, all sender MUST only send "sha-256"; therefore receivers can drop support for "sha1"
7. ==> Between X 1^st and Z 1^st, AP clients must be able to fallback from "sha-256" to "sha1"

...