© ETSI 2012 All rights reserved
EUROPEAN UNION MANDATE/460
Kloster Banz 11.09.2013
Presented by Arno Fiedler, Member of European Telecommunications Standards Institute, Electronic Signatures and Infrastructures, Specialist Task Force 458
1. ETSI activities
Standards in support of EU regulation
Interoperability Testing
Standards for global ICT markets
GSM, DECT, TETRA, 3GPP: UMTS, LTE
ESI: TSL, XAdES, PAdES, REM
1. ETSI Electronic Signatures and Infrastructures (ESI) TC
Since 2000, ETSI/ESI has played a key role in the development of electronic signature related standards:
• Signature formats: XAdES (TS 101 903) -> ISO, CAdES (TS 101 733) -> ISO, PAdES (TS 102 778) -> ISO and ASiC (TS 102 918) and related profiles
• Trust Service Provider (TSP) Status Information (TSL, TS 102 231)
• Policy requirements for CAs: TS 102 042, TS 101 456 (Qual. Cert.)
• TSA policy requirements: TS 102 023
• Certificate profiles: TS 101 862 (Qual. Cert.), TS 102 280 (Nat. Persons)
• Registered Electronic Mail (eDelivery): TS 102 640 (multipart)
• Data preservation: TS 101 533-1, TR 101 533-2
• Algo paper: TS 102 176
Collaborates with ETSI CTI, Centre for Testing and Interoperability, for Plugtests events
LOI with CA/B-Forum
2. Crobies Study in 2010: Key success factors for eSignatures
Consistency & formal (efficient) mapping
Realizations, consistency and mapping of efficient Legal, Technical, Trust and Promotional frameworks are key success factors to convince market & business stakeholders of the possible ROI of eSignatures securing their eProcesses.
Sound Legal Framework
• Different level of ES
• Range of ES prod/serv.
• Different types of CSPs
• International dimension
Sound Standardization Framework
• Covering whole range of ES prod/serv., ES types and types of CSPs
• Business practice driven
• Appropriate guidance
• International dimension
Sound Trust Framework
• Supervision of CSPs
• Voluntary accreditation
• Trust Status Lists
• Application labelling
Promotion
Sound CSPs & Trust Services Provisioning market for interoperable and cross-border use eSignatures
3.1 New approach for legal framework: Draft EU EIDAS- Regulation
June 2012 – EU Commission published the first draft regulation “on electronic identification and trust services for electronic transactions in the internal market”.
Added mutual recognition of electronic identification [E-ID]
Extended supervision of “Certification Service Providers” to “Trust Service Providers”, includes “proactive supervision”
Qualified electronic trust services:
• Electronic signatures interoperability and usability
• Electronic seals interoperability and usability
• Time stamping
• Electronic delivery service
• Electronic documents admissibility
• Website authentication
3.2 Standards Framework I: M460 European Commission mandate
EC funded eSignatures standardization activities, 4 years: 2011-2015
1st phase (executed)
• definition of a rationalized standardization framework, in collaboration with CEN
• several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications
2nd phase (now)
• implement the rationalized standardization framework
• support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval in 2014)
3.2 Standards Framework II: Mandate/460
1. Signature Creation & Validation
• Rules & procedures
• Formats
  • XAdES (XML)
  • CAdES (CMS)
  • PAdES (PDF)
  • AdES in mobile environments
  • ASiC (containers)
• Signature Creation / Validation Protection Profiles
2. Signature Creation Devices
• Made by CEN:
• SSCDs (e.g. SC)
• HSMs & other SCDs
3. Cryptographic Suites
• Key generation
• Hash functions
• Signature algorithms
• Key lengths
• ...
4. TSPs supporting eSignature
• Issuing certificates
• Time-stamping
• Signing Servers
• Validation Services
5. Trust Application Service Providers
• Registered eMail
• Long term preservation
6. Trust Service Status Lists Providers
• List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)
AFTER Mandate 460
[Diagram: the standardization framework after Mandate 460. Areas shown: Signature Creation & Validation; TSPs supporting eSignature; Trust Application Service Providers; Trust Service Status Lists Providers; Signature Creation Devices; Cryptographic Suites. Further labels: TSP Certificates, TSSP, SGSP, SVSP, Registered eMail, Information Preservation; CAdES, XAdES, PAdES, ASiC, …; SSCD, Suites, Requirements, Guidance, Other SCDs. Document types repeated across the diagram: Policy & Security Requirements; Guidance; Conformity Assessment; Testing Compliance & Interoperability; Technical Specifications.]
4. Next Steps
In Spring 2013, the EU Commission published a new 2nd draft regulation “on electronic identification and trust services for electronic transactions in the internal market”.
Under EU Mandate 460 (2013 to 2015), ETSI is commissioned to produce:
• European Norm for TSP Conformity Assessment
• European Norms for Best Practices (Policy Requirements)
• Qualified Certificates for Personal Signing
• Qualified Certificates for organisational “seals”
• Qualified Time-stamping Services
• Qualified Website Certificates (should be EN 319 411-4)
• …
5. Summary
The new draft EU-Regulation will deliver a complete legal and trust framework for Proactive Supervision on “qualified level”
ETSI and CEN standards will be a fundamental part of future EU legislation (delegated acts),
but: “relying parties (in Europe!) have to consume the Trust we provide”
Thank you!
ETSI Download: http://pda.etsi.org/pda/queryform.asp (enter keyword / title / document number)
Draft EU Regulation: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF
Contact:
Arno Fiedler: STF 458 [email protected]
Iñigo Barreira: STF 458 [email protected]
Pope: Lead STF 458 (TSP & e-Signature standards) [email protected]
2. Assessment & Certification – Actual (Best) Practice for SSL
2. Assessment & Certification – actual TSP Perspective (German example)