Call for Comments on draft ETSI Electronic Signature Standard
Note: This message is posted to the following IETF mailing lists:
XML DIG-SIG: w3c-ietf-xmldsig(_at_)w3(_dot_)org
If you subscribed to these mailing lists, you will receive the
message for each of them. Sorry for the inconvenience.
ETSI has issued the draft "Electronic signature standardisation
for business transactions", ETSI ES 201 733 for a last round of
comments, before asking its members to vote on the document.
The draft standard (108 pages - 428 ko) is available from:
The document has been developed by the ETSI SEC working group on
Electronic Signature and Infrastructures, as part of the European
Electronic Signature Standardisation Initiative (EESSI). It is
issued as a draft ETSI standard for a last round of comments.
Scope and contents of the draft
The aim of the document is to provide specifications so as to allow
for full compatibility of secure business transactions with regard
to electronic signatures. It covers all types of business
transactions, between an individual and a company, between two
companies, between an individual and a governmental body, etc...
Being independent of any platform, it can be applied to any
environment, such as smart cards, GSM SIM cards, etc.
Business actors, using different products, will be able to complete
secure transactions by relying on the standard in order to create,
read, interpret and validate electronic signatures. The standard
offers simple and more advanced forms of signatures according to the
signature policy, the latter in order to meet requirements of
The document defines:
· Formats for various forms of Electronic Signatures,
· An experimental format for Signature Policies.
The format of Electronic Signatures uses the existing Cryptographic
Message Syntax (CMS), as defined in RFC 2630, and Enhanced Security
Services (ESS), as defined in RFC 2634. It uses signed and unsigned
attributes defined in CMS, ESS and the present document.
The signature policy is a set of rules for the creation and
validation of an electronic signature, under which the signature can
be determined to be valid. It may be defined in free text or using
formal syntax and semantic. In the first case the validation of an
Electronic Signature may be done using a specific validation box
that must conform to the description of the signature policy while
in the second case the validation may be done using a generic
validation box able to process any signature policy.
Informative annexes describe:
· an example structured content,
· the relationship between the present document and the European
draft directive on electronic signature and associated
· APIs to support the generation and the verification of
· Cryptographic algorithms that may be used,
· Guidance on naming.
In order to get a broader feedback from the technical and business
communities ETSI has chosen to place the document in the public
domain for comments rather than to limit it to its membership.
Comments are welcome until October 31, 1999. After processing the
comments the document will be placed on vote to become an ETSI
standard, with the future option to seek acceptance by other
Comments may be sent to the EL-SIGN mailing list.
Before sending a message to the list, you need to subcribe
to that mailing list: copy and paste the following command
in the body of a message:
SUBSCRIBE EL-SIGN (First and Last name)
replace "first and last name" with your name and send it to:
Then you may send a message to the list at :
Mail archive are available at: http://list.etsi.fr/el-sign.html
The web page from ETSI on Electronic Signature (ES) Standardisation
About ETSI SEC
ETSI SEC is the technical body within ETSI carrying the main
responsibility for security infrastructures and services in the
telecom environment. As such, ETSI SEC devotes special interest to
interoperability issues at the communication and transaction levels
as well as to relevant aspects of trust relationships. One of the
ETSI SEC working groups, the Electronic Signature and
Infrastructures (ESI) WG is in charge of present and future ETSI
activities related to the EESSI work program.