Participants and absents

Chair

Hans Berg <hans.berg@tickstar.com> as eDelivery CC Leader

Elected members (with voting right)

Kristiansen, Olav Astad <Olav.AstadKristiansen@difi.no>

Oriol Bausà Peris <oriol@invinet.org> (did not take part in agenda item #4)

~~Sven Rostgaard Rasmussen <svrra@digst.dk>~~

Observers (without voting right)

~~Rapisarda Isabella <isabella.rapisarda@consip.it> as Pre-award CC Leader~~

~~Sören Pedersen <Soren.Pedersen@esv.se> as Post Award CC Leader~~

Agenda

Approval of agenda
Approval of minutes from previous meeting
Follow up on decisions and action items from previous meeting
AP and SMP Testing Workgroup: revised mandate
Info: PEPPOL TVR - Technical Validation Response (this topic blocks the release of SBDH 1.0.1 specs)
TLS version to be used in OpenPEPPOL (now: "SHOULD use TLS v1.2 where possible as described in RFC 5246" according to AS2 specs). (Any discussion and decision on this topic has to be taken without the involvement of Hans Berg)
Info: PKI status
Info: PEPPOL eDelivery Security Team (TLS>1.2, Meltdown, Spectre)
BIS 3.0 issue: Endpoint (AP) ID list (https://openpeppol.atlassian.net/browse/TICC-9)
PEPPOL Directory status update
CSU (Capability Specification Upgrade for SMP and SML to BDXR 1.0 specs), mandate proposal sent by Philip on Dec 5 2017.
Code List Team leader
Scheduled meetings:

Agenda item #6
- "Every AS2 based AP MUST support TLS 1.2 for secure end to end transmission."
- Having in mind that TLS 1.3 will be published most likely 2018, and TLS 1.1 is still good to go.
- ==> add this to the PEPPOL AS2 spec, publish, give 3 month time to ensure this is possible
Topic #9
- PEPPOL Policy for identifiers need to be updated (already started) => v4
- Thomas Jorgenssen and Philip Helger already started describing the necessary processes (as part of the codelist team)
Topic #10
- Tickstar is working on PD integration
- Norway is working on PD integration
- RFC from Belgium - multilingual entity names necessary because they have 4 different official languages - Ger needs to handle it

Topic # 9: TICC CMB decided that it would be good if OpenPEPPOL would manage the code lists given that there are appropriate resources at hand in the Code List Team:
1. endpoint scheme id's
2. tax exemption reason codes
Topic #4: There has been a proposed change by Anna-Lis Berg regarding the WG Mandate. Olav will formulate it and distribute by e-mail.

Topic # 11: OASIS SMP specs: Olav to check if Erlend can take on this role (possibly shared with Martin Forsberg, ESV).
Topic #12: Code list team: Hans to continue to check with Bård Langöy at Pagero and Thomas Jörgensen at Truecommerce for the Code List Team Leader role.
Topic #6 (Note: Hans Berg did not take part in this discussion and decision): in the next CMB a decision on updating the AS2 spec according to the information item in this document (Hans has no voting rights in the next CMB meeting)
Topic # 7: Hans to tell Anna-Lis to share the new Root Cert public keys (root, AP and SMP), prepare a form for SPs to verify that they have
1. received and understood the steps to take related do the PKI upgrade
2. verify that they have implemented the new Root Certificate
Topic #8: Hans has reached out to Steve Graham, NHS since he has indicated they might have resources to lead a Security Team. Awaiting his response.
Topic #4: WG Mandate was approved via e-mail on Jan 16 by all CMB members except Olav. Feedback on the mandate was sent from Anna-Lis Berg to Hans Berg on Jan 23. Olav will distribute a new mandate proposal (for a new CMB decision).

-- EoD