DRAFT FOR EDI WOKING GROUP - NOT FOR GENERAL DISTRIBUTION
Request for comments on draft ETSI standard:
"POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING PUBLIC KEY
CERTIFICATES"
The ETSI Electronic Signatures Infrastructure Working Group has drafted a
standard, which is based on TS 101 456 - Policy requirements for CAs issuing
qualified certificates, but specifies policy requirements for CAs supporting
the broad range of applications of public key certificates. This includes
certificates used to support electronic signatures, digital signatures,
encryption, key exchange and key agreement mechanisms
COMMENTS ARE REQUESTED BY 14TH SEPTEMBER. Details of how to obtain a copy
of this document and submit comments are given towards the end of this
message.
The specification presents sets of requirements for different quality
levels, including a ?Normalised? level which is similar to that offered by
qualified certificates (as defined in the Electronic Signatures Directive)
conforming to on TS 101 456.
COMMENTS ARE SOUGHT PARTICULARLY ON THE FOLLOWING POINTS:
- A number of requirements have been selected for splitting into
alternatives, according to the different quality levels. Others are the same
for all levels. Selection criteria have been either critical effects of the
sensitivity of the service with regard to cost or/and security. Comments are
asked for about the selection of split requirements.
- Each quality level should represent a consistent set of requirements.
Consistency is related to threats and risks involved with the environment of
the service. Comments based on different business scenarios would help in
order to address wide segments of practical applications with the
requirements.
- Another aspect to consider is the relevance of the selected levels: are
they optimal from a market point of view or other level(s) may be more
useful?
This draft specification is being made publicly available for review and
comment by any company or organisation with interest in this area. A copy
can be obtained through the ETSI El Sign web site (see below).
BACKGROUND
The development of this standard policy document is one of the tasks the
ETSI Electronic Signature and Infrastructure Working Group is progressing
within the European Electronic Signature Standardisation Initiative (EESSI).
The ETSI El Sign Web-site (see below) provides further information about the
ETSI activities and the EESSI program.
REQUESTED ACTION.
Please send your comments and suggestions not later than 14th September to
the ETSI El Sign e-mail list EL-SIGN(_at_)LIST(_dot_)ETSI(_dot_)FR, with copy
to the editor
on POPE(_at_)SECSTAN(_dot_)COM(_dot_) Please put "NonQCP" at the front of the
Subject field
of all submissions to the e-mail list on this topic.
To register with the EL-SIGN list and download the draft document
(STF178Task2Draft.pdf) see:
http://www.etsi.org/sec/el-sign.htm
The purpose of the open e-mail list is to stimulate discussion of the
published comments and contributions. Therefore, early submissions are
welcome. We expect that discussions will go on through the open e-mail list
under and after the comments period.
With regards
Nick Pope, Security & Standards
Editor - Policy Requirements for CAs issuing public key certificates
pope(_at_)secstan(_dot_)com
and
György Endersz, Telia Research AB
Chair ETSI ESI Working Group
gyorgy(_dot_)g(_dot_)endersz(_at_)telia(_dot_)se