We have received reports that the OCSP Responder certificate has expired for the Access Point CA Pilot/TEST infrastructure.
|This may cause validation errors in the pilot environments for implementations that perform certificate revocation checks via the OCSP protocol.||
We are right now analyzing the issue and have raised a support case with Symantec.
As a work around, revocation checks can be performed via the CRL mechanism.
|19/06/2015||Critical updates of datacenter on the SML database server||
The SML registration services will be unavailable on Sunday, June 21st from 10h00 to 18h00 CET.
The DNS lookup for exchange of transactions in the network is NOT affected by the services update.
|26/09/2014||Critical Security Issue with the SML servic||
The SML service is affected by “ShellShock” security incident (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271).
Therefore it was decided between OpenPEPPOL and BRZ to take down the SML service OUTSIDE business hours, from today 26.09.2014 until at least next Friday (3.10.2014).
This means the SML service is shutdown today, Friday 26.9.2014 at 21:00 CEST.
This means that registration, modification and deletion of PEPPOL participants and PEPPOL SMPs (publishers) is only possible Mo-Fr from 9:00-17:00 CEST.
This effects both SML and SMK (SML test version)
Important note: the DNS system is not effected. That means the exchange of business documents is possible at all times.
|Until 3.10.2014 BRZ is supposed to provide a new system that is secured against this attack.
As of now (Friday evening) it cannot be 100% guaranteed that the new system will be ready on 3.10.2014 but we do everything we can so that it will be available.
At the date of transitioning to the new system, there will be an additional 1 hour downtime to migrate the data from the old system to the new system. You will be notified of that additional downtime separately.
|19/20.5.2014||Maintenance work to all PEPPOL DNS servers||
- Monday 19.5.2014, 17:00 – 23:00 CEST: Software upgrade of Secondary Slave DNS (cna-gdwi-2.cna.at)
- Tuesday 20.5.2014, 17:00 – 23:00 CEST: Software upgrade of Master DNS (cna-gdwi-0.cna.at) – no modifications possible!
The goal of this maintenance is to install patches and update RAID controller firmware of BRZ DNS servers.
Consequences and details:
- Tuesday, June 20th from 17:00-23:00 CEST no registration of new participants (or any other DNS modification) will be possible- All PEPPOL DNS entries are readable on all servers not under maintenance
- Service providers don’t need to take special test actions.
- During the time of the maintenance the transmission of documents MAY be limited if a non-standard DNS-configuration is used.
|All Service Providers should:
- Check that they are using the Hostnames of the DNS servers to query them, and NOT the IP addresses, as they may change without further notice
|8.4.2014||START/Validation||Due to interoperability issues with the START protocol when receiving Access Points reject messages this action is agreed by all PEPPOL Authorities concerning Validation of payload.||APs must not validate the incoming document and reject the document at the protocol level. To ensure the transfer of valid documents and reduce the support tasks the validation should be implemented in the process as early as possible. It is strongly recommended that all the sending APs do validation and this approach will be further adopted in the PEPPOL TIA. To facilitate the handling of later validation by APs the “Message Level Response” profile can be part of the solution.
|8.4.2014||OpenSSL||A security issue concerning OpenSSL (TLS heartbeat) that may compromise confidentiality of SSL encryption has been published: http://www.openssl.org/news/vulnerabilities.html
OpenPEPPOL Service Provides running Access Point Services using OpenSSL certificates may be affected.
|OpenPEPPOL Service Provides running Access Point Services using OpenSSL certificates are requested to verify the issue and take the necessary steps to resolve it.
SML service operation notice
An upgrade to a new BIND version of all BRZ (PEPPOL) DNS servers will take place according to the following schedule:
- 10.9.2013, 17:00 – 23:00 CEST: Upgrade of Secondary Slave DNS (cna-gdwi-2.cna.at)
- 12.9.2013, 7:00 – 12:00 CEST: Upgrade of Primary Slave DNS (cna-gdwi-1.cna.at)
- 17.9.2013, 17:00 – 23:00 CEST: Upgrade of Master DNS (cna-gdwi-0.cna.at) – no modifications possible
To all Service Providers:
1. Check that they are using the Hostnames of the DNS servers to query them, and NOT the IP addresses, as they may change without further notice2. Use the Server “cna-gdwi-0.cna.at” as the master querying server
|To be completed 17.9.2013|
|30.5.2013||BusDox||Discrepancies between BusDox specifications and current implementations of services||
Download document for details and status.
|SML||SML maintenance notice:
On Saturday May 25th, 2013 a maintenance of the BRZ (PEPPOL) DNS servers will take place.
The maintenance is scheduled between 9:00 and 13:00 CEST.
The goal of this maintenance is to migrate the PEPPOL DNS zone “peppolcentral.org” to a different primary DNS server.
DNS maintenance, according to plan - PEPPOL participants not to be effected.