Telecom Decision CRTC 2017-31
Ottawa, 2 February 2017
File number: 8621-C12-01/08
CISC Business Process Working Group ‒ Consensus report BPRE093c regarding revised Canadian Data Interchange Guidelines
- On 25 November 2016, the CRTC Interconnection Steering Committee (CISC) Business Process Working Group (BPWG) submitted the following consensus report for the Commission's approval:
- Canadian Data Interchange Guidelines (Version 4.1) [BPRE093c]
- This consensus report can be found in the "Reports" section of the BPWG page, which is available in the CISC section of the Commission's website at www.crtc.gc.ca.
- In the report, the BPWG recommended revisions to update and streamline security standards for the electronic exchange of business data among Canadian telecommunications service providers. Specifically, the BPWG proposed to
- disallow the use of self-signed certificates, and require all companies to implement digital certificates provided by a trusted Certificate Authority;Footnote 1
- require compliance with the current Internet Engineering Task Force (IETF)Footnote 2 specification (Request for Comments [RFC] 5246) for cipher security in Transport Layer Security (TLS) 1.2; and
- support the use of test and production AS2Footnote 3 servers.
- The BPWG requested that the Commission approve its proposed revisions and the adoption of the associated updated Canadian Data Interchange Guidelines (the Guidelines).
Commission's analysis and determinations
- In CISC Business Process Working Group – Consensus report BPRE093b regarding revised Canadian Data Interchange Guidelines, Telecom Decision CRTC 2016-150, 26 April 2016, the Commission approved previous updates by the BPWG to the Guidelines (Version 4.0), including disallowance of the use of self-signed certificates and the implementation of digital certificates provided by a trusted Certificate Authority as of 27 June 2016. The above-mentioned revisions remove references to the June deadline now that it has passed.
- Regarding the proposed compliance with RFC 5246, implementation of this standard would ensure that companies can establish a secure session with each other and successfully exchange business data files.
- Regarding the BPWG's proposed use of a single AS2 server for both testing and production activities, this would accommodate smaller companies with limited resources, since they would not have to purchase and maintain separate AS2 servers.
- The BPWG's proposed revisions to the Guidelines will enhance the security of data exchanged between telecommunications service providers. Accordingly, the Commission approves the BPWG's consensus report and the adoption of the revised Guidelines (Version 4.1).
- Date modified: