Professional Documents
Culture Documents
Standardisation in Europe
Work-plan & Current Status
G Endersz
7 June 2000
EESSI:
EESSI
European Telecommunications
Standards Institute
G Endersz
7 June 2000
hand-written signature
Annex II:
G Endersz
7 June 2000
Trustworthy
system
Time
Stamp
Qualified certificate
Creation
device
Signature
creation process
and
environment
Signature
format
and syntax
CEN E-SIGN
User/signer
ETSI ESI
Signature
validation
process and
environment
Relying party/
verifier
7
G Endersz
7 June 2000
Relying Party
Issuing CSP
Directory
RA
Baseline Requirements
Security Management
PKI
Organisational
Requirements on
Specific QC Policy
9
G Endersz
7 June 2000
10
G Endersz
7 June 2000
11
G Endersz
7 June 2000
12
G Endersz
7 June 2000
G Endersz
7 June 2000
13
14
I/O
HI
HI
Operation
trusted path
trusted
TOE
SSCD
The Scenario
The SSCD is the device
getting in touch with the
private key.
SCOPE OF PP
Addressed by PP
Installation
I/O
HI
SSCD
TOE
15
Methods of Use
HI
HI
Verification Data
Trusted
Path*
Trusted
Path*
Verification Data
SSCD MoU2
Personalisation
SCA
UDO / SDO
Trusted
Path**
SSCD MoU3
User
Authentication
Signature-Creation
Personalisation
SCA
UDO / SDO
Trusted
Path**
User
Authentication
Signature-Creation
SSCD MoU1
SCDGA
SVD into Cert.
Trusted
Path
SVD Export
Trusted
Path
SVD Import
SVD Import
SCDGA
SVD into Cert.
Trusted
Path
SVD Export
17
Forms OF ETSI ES
Electronic Signature (ES), which includes the digital
signature and other basic information provided by the
signer
ES with Timestamp (ES-T), which adds a timestamp to
the Electronic Signature, to take initial steps towards
providing long term validity
ES with Complete validation data (ES-C), which adds to
the ES-T references to the complete set of data
supporting the validity of the electronic signature (i.e.
revocation status information)
Extended ES-X to append and/or timestamp PKI
verification data
Archive ES-A to overlay an ES-C or ES-X using stronger
algorithms
18
19
.
Elect. Signature (CMS with signed attributes)
Signature
Policy ID att
Id-of signing
Certificate att
Signing time
Attribute
Message
Digest
Attributes
Content Type
Attributes
Digital
Signature
20
ES-C
ES-T
Elect. Signature (CMS signed attributes)
Signature
Policy ID att
Other Signed
Attributes
Digital
Signature
Unsigned
attribute:
Timestamp
over digital
signature
Unsigned
Attribute:
Complete
certificate
and
revocation
references
21
Time-stamped ES-C
ES-X
ES-C
Elect. Signature (ES)
Signature
Policy ID
Other Signed
Attributes
Digital
Signature
Timestamp
over digital
signature
Complete
certificate
and
revocation
references
Timestamp
over ES-C
22
G Endersz
7 June 2000
23
Issues
Identification of subjects: in person?
Naming: the need for unique, permanent, borderless electronic identity
Management of cryptographic requirements
How can the relying party verify (on-line) the CAs
living conformance with the requirements
Requirements for other than QC: alternative trust
levels
Harmonisation of activities on Signing Policy with
IETF and on XML version of ES with W3C
Timeliness: do IETF drafts for QC and Time Stamp
become stable this fall?
G Endersz
7 June 2000
24
Coming Events
Stable drafts to be presented at CEN/ISSS and ETSI
meetings in Stockholm, 19-21 June. Joint session on
Requirements for CSPs, 20 June
Requirements for CSPs available for public comments
from ETSI El-Sign Website early July
EESSI full day Workshop in Barcelona, 26 September.
Co-located with the Information Security Solutions
Europe (ISSE) conference, 27-29 September
G Endersz
7 June 2000
25
References
ETSI:
http://www.etsi.org/sec/el-sign.htm
Sign up from Web-site to open El Sign mailing list
CEN:
http://www.cenorm.be/isss/workshop/e-sign
EESSI:
http://www.ict.etsi.org/eessi/EESSI-homepage.htm
ISSE Conference & Workshops:
http://www.eema.org/isse
G Endersz
7 June 2000
26
Acknowledgements
G Endersz
7 June 2000
27