Feb 22, 2019 News

Release of PEPPOL Policy for Transport Security 1.0

 

The OpenPEPPOL eDelivery Change Management Board (TICC CMB) is pleased to announce the release of:

 

PEPPOL Transport Security Policy 1.0

 

Background:

 

Operators (SML, SMP, AP) within the PEPPOL Trust Network are required to manage two different types of certificates:

 

  • TLS Certificate, used on transport level to provide a standard solution for securing server authentication, message confidentiality and authentication
  • OpenPEPPOL Certificate, used on application level, to secure that only authorized and approved operators are operating within the PEPPOL eDelivery Network.

 

 

This policy document deals with the TLS Certificates that are managed and issued by third party Certificate Authorities.

 

The document covers 4 distinct policies on the use of TLS certificates and TLS configurations in order to:

 

  • Limit disruptions in traffic between operators.
  • Provide good security requirements for both current and future demands.

 

The document can be found on:

https://github.com/OpenPEPPOL/documentation/tree/master/TransportInfrastructure