TLS, STARTTLS, PDF/UA

Netherlands considers four standards for its mandatory list

06/06/2018

The Dutch Standardisation Forum (Forum Standaardisatie) plans to add four standards to the list of open standards to be used by government IT systems, and to drop one existing standard. The Forum is calling for experts to help assess the impact this would have on organisations, and the technological consequences. Specialists need to register before 14 June if they want be involved in the impact assessments.

The Standardisation Forum is considering adding PDF/UA, TLS1.3, STARTTLS and DANE to the standards on its ‘comply or explain’ list.

Implementing PDF/UA helps improve the readability of PDF documents for users with disabilities. Starting in July, a new law requires improved accessibility for documents published on Dutch government websites.

TLS 1.3 provides encryption for Internet connections. The best known example is the protocol, which leverages TLS to provide secure connections for the web. TLS can also be used to provide cryptographic protection for other Internet protocols via STARTTLS which is used for example in mail transfer (SMTP and IMAP).

The Standardisation Forum is considering adding DANE, which uses DNS and DNSSEC, the latter being the secure version of the Internet domain name infrastructure, to link TLS certificates and domain names. This creates a way to cryptographically identify individual Internet servers. In the future it may replace the flawed certificate system currently incorporated in web browsers.

Close to 80% of government domains now implements Dnssec.

Consequences

In addition, the Standardisation Forum wants to remove the Stosag standard, a specification of terms and definitions used in waste management from its list of open standards. The current version is outdated and should be removed. The Forum says there is no active Stosag community, and can not justify replacing it with the updated version. 

Experts selected to advise on the consequences of these changes will be invited to a three-hour meeting in The Hague in June. The Forum estimates that an additional two hours will be needed for preparation and to review the meeting report afterwards.

The Standardisation Forum is one of the partners of the Joinup government digitalisation knowledge transfer and collaboration platform, and publishes its list of standards on Joinup.

From the "about" page on the Standardisation Forum (on Joinup):

The goal of the Dutch government policy on open standards is to promote interoperability of the Dutch public and semi-public sectors, while at the same time ensuring provider independence. Interoperability means the ability to exchange data electronically; in this case between government bodies and businesses, between government bodies and civilians, and between government bodies.

The Dutch ‘comply or explain’ list is used as input for a similar list managed by the Swedish National Procurement Services (Statens inköpscentral).

Dutch Standardisation Forum - "Comply or explain"-standards

More information:

Announcement by the Standardisation Forum (in Dutch)

Comments

Thu, 14/06/2018 - 08:57

Thank you for providing this news on the evolution of the Dutch 'comply or explain' list for open standards.

A small correction with respect to STARTTLS and DANE. Both standards are altready on the Dutch 'comply or explain' list for incoming e-mail only. The Standardisation Forum now starts an open procedure for making STARTTLS and DANE also mandatory for *outgoing* e-mail.

As for Stosag, this a standard for information exchange between chipcards and underground waste containers, chips on waste containers and waste collection trucks, and between the trucks and back office. The Forum Standardisation is starting a procedure to remove Stosag 1.0 from the 'comply or explain' list as this version is outdated and has known privacy issues. The market has already adopted version 2.1 of the standard. The Forum Standardisation will consider placing version 2.1 on the 'comply or explain' list if the Stosag community requests this, but no such request has been received so far despite repeated appeals.

Login or create an account to comment.