Date: 2018-11-09

Time: 15:00-16:00 CEST

Type of meeting: Gotomeeting (https://global.gotomeeting.com/join/704521469)

Participants and absents

Chair

Berg, Hans <hans.berg@tickstar.com> as eDelivery Community Leader

Participants

Risto Collanus (Visma / Maventa)

Bård Langöy (Pagero)

Jesper Larsen (Unlicensed) (OpenPEPPOL Operating Office)

Jerry Dimitriou (OpenPEPPOL Operating Office)

Erlend Klakegg Bergheim (Deactivated) (Difi)

Agenda

1. SSL certificate policy

PEPPOL Policy for transport security

1. Self signed certificates are not allowed (as mentioned in the PEPPOL AS2 specs)
2. The SSL certificate has to be recognised by both Java and Microsoft since at least 6 months.
3. Grade "A" TLS configuration according to SSL Labs (https://www.ssllabs.com/ssltest)
4. Access points are not allowed to tamper with provided trust lists.
5. A PEPPOL Access Point not graded "A" is considered to be unavailable with regards to the Transport Infrastructure Agreement.

Decisions

• The present TICC CMB members (Risto Collanus, Bård Langöy, Hans Berg (Unlicensed)) unanimously decided to adopt the above policy.

Action items

• Bård Langöy will draft the policy until next week.

Attachments

	File	Modified

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.

No files shared here yet.

Drag and drop to upload or browse for files

Upload file

File description