Mobile ID

At the moment no technical difficulties are known.

Signature Service

At the moment no technical difficulties are known.

Smart Registration Service

At the moment no technical difficulties are known.

Service State Smart Registration Service updated

04. December 2020

The State of Smart Registration Service changed from yellow to green

Service State Signature Service updated

04. December 2020

The State of Signature Service changed from yellow to green

Service State Signature Service updated

04. December 2020

The State of Signature Service changed from green to yellow

Technical News on our Servcies

  • Mobile ID
  • Signature Service
  • Smart Registration Service

Technical updates - Mobile ID

No updates available

Technical updates - Signature Service

Signature Service: Mobile ID App is now available in all EU stores

06. November 2020, EU

The Mobile ID app is now in all EU stores available (play store, iOS app store)

AIS: Adaptation of the TLS protocol

29. October 2020, worldwide

Company Swisscom will change its TLS protocols and will no longer support unsecure TLS protocol versions and cryptographic processes. The change will take place on Oct. 29th, 2020 at 10pm. The following will change:

  1. No longer support of TLS Version 1.0
  2. No longer support of TLS Version 1.1
  3. No longer support of following TLS-Version 1.2-Cryptography:
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA

Please check your TLS connections to us! This is the new configuration with the remaining supported chiffres after the change:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA

Der Vollständigkeit nach ist dies die aktuelle Liste der Verschlüsselungssammlungen, die mit dem entsprechenden Protokoll aktiviert sind:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES

 

 

Thes suites will be removed:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES

Video Identification Switzerland: Expiration of the Covid-19 Exception

02. October 2020, Switzerland

In April 2020, the Swiss Federal Council issued a temporary Covid-19 based adjustment of the Federal Ordinance VZertES based on the Swiss Federal Act on the Signature SigE (ZertES). This new regulation made it possible to register for the qualified electronic signature (QES) by video identification, even outside the application by financial intermediaries (e.g. banks). As the Corona situation has changed, the Swiss Federal Council will most likely not extend the temporary VZertES regulation adjustment further, so that the exemption will be lifted from 2 October 2020. As a result, all registrations made by video in Switzerland by the Smart Registration Service (SRS) and not by video identification of financial intermediaries in the period from April to October 2020 will no longer be approved for qualified electronic signature (QES) according to SigE/ZertES, but only for advanced electronic signatures. This means that all these signatories must re-register in order to receive a QES for the Swiss legal area again. This can easily be carried out by the signers in certain Swisscom shops in Switzerland throughout the country or at RA offices that use Swisscom's RA app.

The registrations for the QES applicable in the European legal area in accordance with the eIDAS Regulation remain in place, so no new registration is required here.

Please inform your customers and partners in Switzerland if a video identification, for example, via our video identification landing page or through another SRS provider was performed and a signature according to ZertES (Switzerland) is still necessary.

Technical updates - Smart Registration Service

Registration Service: Mobile ID App is now available in all EU stores

06. November 2020, EU

The Mobile ID App is now in all European play stores and iOS app stores available!

Maintenance on Okt. 14th between 4:00 and 5:00 AM

09. October 2020

Due to maintenance work on the messaging services on Oct. 14th between 4:00 and 5:00 AM, the service will be temporarilly unavailable.

SRS, RA-Service, Docusign: Adaptation of the TLS connections

29. October 2020, worldwide

Company Swisscom will change its TLS protocols and will no longer support unsecure TLS protocol versions and cryptographic processes. The change will take place on Oct. 29th, 2020 at 10pm. The following will change:

  1. No longer support of TLS Version 1.0
  2. No longer support of TLS Version 1.1
  3. No longer support of following TLS-Version 1.2-Cryptography:
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA

Please check your TLS connections to us! This is the new configuration with the remaining supported chiffres after the change:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA

Der Vollständigkeit nach ist dies die aktuelle Liste der Verschlüsselungssammlungen, die mit dem entsprechenden Protokoll aktiviert sind:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES

 

 

Thes suites will be removed:

 

SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES

Certificate updates

New CA4 in October

15. February 2021, Switzerland

The new CA4

The new rules and regulations require certification service providers and trust service providers to use better algorithms to ensure the trustworthiness of signatures in the future. Swisscom will first replace the root certificate authority instance (CA) for Switzerland (CH jurisdiction) and later also for the EU (eIDAS jurisdiction), thereby adapting the entire certificate chain and providing for the new algorithms. This concern, on the one hand, the so-called "padding algorithm" which will switch from currently SASSA-PKCS1 v1_5 to RSASSA-PSS, and on the other hand the key length, which will be increased from 2048 to 3072.

What are the implications?

  • The size of the signature in the signed document changes, i.e. the signature takes up more space. Since signature applications make estimates to the best of their knowledge of how much space a signature requires, it may be that this estimate is no longer correct and therefore a signature is no longer possible.
  • If you use standard applications that display trusted signatures, such as Adobe Reader, the latter will continue to trust the signatures. However, if you have special applications that first require the root certificate of the certificate chain for trustworthiness, you must reinstall it.

When will the changes take effect?

We are planning a changeover in quarter I/II 2021. In addition to the existing account ("ClaimedID") we will issue a new ClaimedID based on the new certificate chain to customers. After 2-3 months we will switch off the old ClaimedIDs. In this respect, it is possible to test and switch individually during this period of time.

What do you need to do?

If you are the developer of the signature application you are using, you should observe the notes on the development information page https://github.com/SCS-CBU-CED-IAM/AIS/wiki/Swisscom-CA-4 . Otherwise, you should inform the partner which provided you with the signature application. At the same time, however, we will also inform all our partners.

We will inform you with further details in February 2021.