TICC CMB 2018-01-26 minutes

Date: 2018-01-26

Time: 14:00-16:00 CET

Type of meeting: conference call

Participants and absents


Hans Berg <hans.berg@tickstar.com> as eDelivery CC Leader

Elected members (with voting right)

Kristiansen, Olav Astad <Olav.AstadKristiansen@difi.no>

Oriol Bausà Peris <oriol@invinet.org> (did not take part in agenda item #4)

Helger, Philip <philip.helger@brz.gv.at>

Sven Rostgaard Rasmussen <svrra@digst.dk>

Observers (without voting right)

Rapisarda Isabella <isabella.rapisarda@consip.it> as Pre-award CC Leader

Sören Pedersen <Soren.Pedersen@esv.se> as Post Award CC Leader


  1. Approval of agenda
  2. Approval of minutes from previous meeting
  3. Follow up on decisions and action items from previous meeting
  4. AP and SMP Testing Workgroup: revised mandate
  5. Info: PEPPOL TVR - Technical Validation Response (this topic blocks the release of SBDH 1.0.1 specs)
  6. TLS version to be used in OpenPEPPOL (now: "SHOULD use TLS v1.2 where possible as described in RFC 5246" according to AS2 specs). (Any discussion and decision on this topic has to be taken without the involvement of Hans Berg)
  7. Info: PKI status
  8. Info: PEPPOL eDelivery Security Team (TLS>1.2, Meltdown, Spectre)
  9. BIS 3.0 issue: Endpoint (AP) ID list (https://openpeppol.atlassian.net/browse/TICC-9)
  10. PEPPOL Directory status update
  11. CSU (Capability Specification Upgrade for SMP and SML to BDXR 1.0 specs), mandate proposal sent by Philip on Dec 5 2017.
  12. Code List Team leader
  13. Scheduled meetings:
    1. Fri Feb 9, 14:00-16:00
    2. Fri March 2nd, 14:00-16:00
    3. ..

  1. Any other Business

Topics not discussed

Information items

  • Agenda item #6
    • "Every AS2 based AP MUST support TLS 1.2 for secure end to end transmission."
    • Having in mind that TLS 1.3 will be published most likely 2018, and TLS 1.1 is still good to go.
    • ==> add this to the PEPPOL AS2 spec, publish, give 3 month time to ensure this is possible
  • Topic #9
    • PEPPOL Policy for identifiers need to be updated (already started) => v4
    • Thomas Jorgenssen and Philip Helger already started describing the necessary processes (as part of the codelist team)
  • Topic #10
    • Tickstar is working on PD integration
    • Norway is working on PD integration
    • RFC from Belgium - multilingual entity names necessary because they have 4 different official languages - Ger needs to handle it


  1. Topic # 9: TICC CMB decided that it would be good if OpenPEPPOL would manage the code lists given that there are appropriate resources at hand in the Code List Team:
    1. endpoint scheme id's
    2. tax exemption reason codes
  2. Topic #4: There has been a proposed change by Anna-Lis Berg regarding the WG Mandate. Olav will formulate it and distribute by e-mail.

Action items

  1. Topic # 11: OASIS SMP specs: Olav to check if Erlend can take on this role (possibly shared with Martin Forsberg, ESV).
  2. Topic #12: Code list team: Hans to continue to check with Bård Langöy at Pagero and Thomas Jörgensen at Truecommerce for the Code List Team Leader role.
  3. Topic #6 (Note: Hans Berg did not take part in this discussion and decision): in the next CMB a decision on updating the AS2 spec according to the information item in this document (Hans has no voting rights in the next CMB meeting)
  4. Topic # 7: Hans to tell Anna-Lis to share the new Root Cert public keys (root, AP and SMP), prepare a form for SPs to verify that they have
    1. received and understood the steps to take related do the PKI upgrade
    2. verify that they have implemented the new Root Certificate
  5. Topic #8: Hans has reached out to Steve Graham, NHS since he has indicated they might have resources to lead a Security Team. Awaiting his response.
  6. Topic #4: WG Mandate was approved via e-mail on Jan 16 by all CMB members except Olav. Feedback on the mandate was sent from Anna-Lis Berg to Hans Berg on Jan 23. Olav will distribute a new mandate proposal (for a new CMB decision).

-- EoD