Date: 2018-12-04
Time: 14:30-15:30 CEST
Type of meeting: Gotomeeting (https://global.gotomeeting.com/join/704521469)
Participants and absentees
Chair
Hans Berg as eDelivery Community Leader
Participants
Risto Collanus (Visma / Maventa) eDelivery / TICC CMB
Bård Langöy (Pagero) eDelivery / TICC CMB
Philip Helger (BRZ) eDelivery / TICC CMB
Jesper Larsen (OpenPEPPOL Operating Office)
Mikael Aksamit (OpenPEPPOL Operating Office)
Erlend Klakegg Bergheim (Difi)
Jens Aabol (Difi)
Anderz Petersson (DIGG)
Clara Wadman (DIGG)
Nihad Hodzic (ERST)
Background to PEPPOL PKI v.3 migration
- Improved security. The v.2 PKI is based on SHA-1, whose use is strongly discouraged because of its security risks. The v.3 PKI is based on certificates supporting SHA-256, which is currently the recommended web standard.
Agenda
- PKI v.3 migration
- Decide on which actions to take if a service provider does not comply with the timeline set out in PKI Certificate Migration 2018.
- T1 (Sep 3, 2018): APs must be able to receive transactions signed with either v.2 or v.3.
- T2 (Dec 1, 2018): APs must send with v.3.
PEPPOL Policy for transport security
- Self-signed certificates are not allowed (as mentioned in the PEPPOL AS2 specs).
- The SSL certificate must have been recognised by both Java and Microsoft for at least 6 months.
- Grade "A" TLS configuration according to SSL Labs (https://www.ssllabs.com/ssltest)
- Access points are not allowed to tamper with provided trust lists.
- A PEPPOL Access Point not graded "A" is considered to be unavailable with regard to the Transport Infrastructure Agreement.
Decisions
- The present TICC CMB members (Risto Collanus, Bård Langöy, Hans Berg) unanimously decided to adopt the above policy.
Action items
- Bård Langöy will draft the policy by next week.