Michał Tabor, Common Sign (commonsign.eu/wp-content/uploads/2017/10/04_stan...)
Slide transcript
The state of trust-service standardization
Michał Tabor
About me
Expert in identification, authentication and electronic signatures
Head of research and development; Partner
Expert witness; Member of the standardization committee
eIDAS standardization in Europe
TC ESI: Electronic Signatures and Infrastructures
TC 224: Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment
Understanding standard designations
DD L19 xxx-z
• 019 for ETSI Special Reports (SR)
• 119 for ETSI Technical Specification (TS) and Technical Report (TR)
• 219 for ETSI Standard (ES) and ETSI Guide (EG)
• 319 for ETSI European Standard (EN)
• 419 for CEN Technical Report (TR), Technical Specification (TS) or European Standard (EN)
eIDAS Standards Framework
• 119 0xx General Framework: Standards framework; Common definitions; Guides
• x19 1xx Signature Creation & Validation: Procedures for AdES creation & validation; Formats: XAdES (XML), CAdES (CMS), PAdES (PDF), ASiC (containers)
• 419 2xx Signing Devices: CC Protection Profiles; QSCD - Smart Cards; HSM used as QSCD; HSM used by TSPs; Remote QSCD
• 119 3xx Cryptographic suites: Signature suites - Hash, Asymmetric crypto, Key generation, Lifetime
• x19 4xx TSPs supporting digital signatures: Trust services for: Issuing certificates; Time Stamping; Signature creation services; Validation services
• x19 5xx Trust application service providers: Trust services for: Registered eDelivery / eMail; Long term preservation
• 119 6xx Trust service status lists: List of approved QTSPs & services supervised by National Bodies
Source: ETSI.
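As an added example (not part of the slides), a small Python parser that decodes a published-standard designation of the kind listed on the following slides, using the prefix table from the designation slide and the area numbering from the framework slide, and rejects a designation whose prefix does not agree with its issuing body and document type. The regex, the `parse_designation` function and the exact area names are my own assumptions.

```python
import re

# Prefix (first digit group) -> issuing body and permitted document types,
# as given on the "Understanding standard designations" slide.
PREFIXES = {
    "019": ("ETSI", {"SR"}),
    "119": ("ETSI", {"TS", "TR"}),
    "219": ("ETSI", {"ES", "EG"}),
    "319": ("ETSI", {"EN"}),
    "419": ("CEN", {"TR", "TS", "EN"}),
}

# Hundreds digit of the second group -> area in the eIDAS standards framework.
AREAS = {
    "0": "General framework",
    "1": "Signature creation & validation",
    "2": "Signing devices",
    "3": "Cryptographic suites",
    "4": "TSPs supporting digital signatures",
    "5": "Trust application service providers",
    "6": "Trust service status lists",
}

# Matches e.g. "ETSI EN 319 412-2 V1.1.1 (2016-02)"; part, version and date are optional.
DESIGNATION = re.compile(
    r"^(?P<body>ETSI|CEN)\s+(?P<type>SR|TS|TR|ES|EG|EN)\s+"
    r"(?P<prefix>[0-9]19)\s+(?P<number>[0-9]{3})(?:-(?P<part>[0-9]+))?"
    r"(?:\s+V(?P<version>[0-9]+\.[0-9]+\.[0-9]+))?"
    r"(?:\s+\((?P<date>[0-9]{4}-[0-9]{2})\))?$"
)


def parse_designation(text: str) -> dict:
    """Decode a designation; reject ones whose prefix, body and type disagree."""
    m = DESIGNATION.match(text.strip())
    if not m:
        raise ValueError(f"not an ETSI/CEN designation: {text!r}")
    if m["prefix"] not in PREFIXES:
        raise ValueError(f"unknown prefix {m['prefix']}")
    body, types = PREFIXES[m["prefix"]]
    if m["body"] != body or m["type"] not in types:
        raise ValueError(f"prefix {m['prefix']} does not allow {m['body']} {m['type']}")
    if m["number"][0] not in AREAS:
        raise ValueError(f"no framework area for {m['number']}")
    return {**m.groupdict(), "area": AREAS[m["number"][0]]}
```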
Published ETSI standards
• ETSI TR 119 001 V1.2.1 (2016-03): The framework for standardization of signatures; Definitions and abbreviations
• ETSI TR 119 000 V1.2.1 (2016-04): The framework for standardization of signatures: overview
Published ETSI standards
• ETSI TR 119 100 V1.1.1 (2016-03): Guidance on the use of standards for signature creation and validation
• ETSI TS 119 101 V1.1.1 (2016-03): Policy and security requirements for applications for signature creation and signature validation
• ETSI EN 319 102-1 V1.1.1 (2016-05): Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
• ETSI EN 319 122-1 V1.1.1 (2016-04): CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
• ETSI EN 319 132-1 V1.1.1 (2016-04): XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
• ETSI EN 319 142-1 V1.1.1 (2016-04): PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
• ... (38 standards in total)
Published ETSI standards
• ETSI TS 119 312 V1.2.1 (2017-05): Cryptographic Suites
• ETSI TR 119 300 V1.2.1 (2016-03): Guidance on the use of standards for cryptographic suites
Published ETSI standards
• ETSI TR 119 400 V1.1.1 (2016-03): Guidance on the use of standards for trust service providers supporting digital signatures and related services
• ETSI EN 319 421 V1.1.1 (2016-03): Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
• ETSI EN 319 422 V1.1.1 (2016-03): Time-stamping protocol and time-stamp token profiles
• ETSI EN 319 412-1,2,3,4,5 V1.1.1 (2016-02): Certificate Profiles; Part 1: Overview and common data structures; Part 2: Certificate profile for certificates issued to natural persons; Part 3: Certificate profile for certificates issued to legal persons; Part 4: Certificate profile for web site certificates; Part 5: QCStatements
• ETSI EN 319 403 V2.2.2 (2015-08): Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
• ETSI EN 319 401 V1.1.1 (2013-01): General Policy Requirements for Trust Service Providers supporting Electronic Signatures
Published ETSI standards
• ETSI SR 019 510 V1.1.1 (2017-05): Electronic Signatures and Infrastructures (ESI); Scoping study and framework for standardization of long-term data preservation services, including preservation of/with digital signatures
Published ETSI standards
• ETSI TS 119 614-1 V1.1.1 (2016-06): Testing Conformance and Interoperability of Trusted Lists; Part 1: Specifications for testing conformance of XML representation of Trusted Lists
• ETSI TS 119 612 V2.2.1 (2016-04): Trusted Lists
• ETSI TR 119 600 V1.2.1 (2016-03): Guidance on the use of standards for trust service status lists providers
Ongoing ETSI / CEN work
• Validation Report - TS 119 102-2
• Validation requirements - TS 119 441/2
• Certificates supporting PSD2 - TS 119 495
• Remote signatures - requirements EN 419 4xx
• Preservation requirements - TS 119 511/2
• Requirements for trust service providers issuing certificates - EN 319 411-1/2
• Remote signatures - requirements TS 119 431/2
Source: ETSI.
eIDAS_PL Forum: a forum for exchanging knowledge about the eIDAS Regulation in Poland
The meeting is recorded: the published slides, the voices of those speaking and the image of the presenters.
Participation in the meeting constitutes consent to publication of the above information.
eIDAS Twitter: @eIDAS_PL; Questions and comments: [email protected]; http://yammer.com/eidaspl
QUESTIONS AND ANSWERS
Ongoing ETSI work
• Updates to TSP Policy Requirements: EN 319 411-1/2
• Support for PSD2 use of Qualified certificates
• Signature Validation
• Remote signing
  – CEN Standards
  – ETSI Standards
• Electronic Registered Delivery and Registered Electronic Mail Services
• Long term (signature) preservation
• Using Trusted Lists
• Internationalisation
• Use of Existing and upcoming Standards as QSealCD
Source: ETSI.
Updates to TSP Policy Requirements: EN 319 411-1/2
• Each individual requirement clearly identified
• Alignment with CA Browser Forum (EVCG V.1.6.1 for ECVP and BRG v1.4.2)
• Several detailed clarifications
• OCSP & CRL: OCSP recommended (not mandated); support for long term validation; details on OCSP requirements
• Clearly identify requirements relating to a specific component
Under EN approval: ballot closes end of November
Documents (with revisions marked): https://docbox.etsi.org/esi/Open/Compared_deliverables
Source: ETSI.
Qualified Certificates under PSD2 (new)
Background
• Directive 2015/2366/EU aimed at regulating "payment services"
• Draft Regulatory Technical Standards:
  – High level technical requirements for:
    • strong customer authentication
    • common and secure open standards of communication
  – Final publication by the Commission due November 2017
  – Requires use of qualified certificates for secure communications & transactions between payment service providers:
    • Web site authentication certificates
    • e-Seal certificates
  – Requires PSD2-specific certificate attributes:
    • Identifies member state competent authority
    • Payment services authorised
Source: ETSI.
Signature Validation
• Standards being developed:
  – TS 119 102-2: Validation Report
  – TS 119 441: Policy requirements for TSPs providing signature validation services
  – TS 119 442: Protocol for signature validation services
• Protocol features:
  – Supports both XML and JSON exchanges
  – Aligned with OASIS DSS
• Timescale:
  – Stable draft for review: Dec 2017
  – Publication: Sept 2018
• Open Workshop: 10th January 2018
Remote Signing: CEN Standards for Trustworthy Systems
• Draft CEN Standards:
  – prEN 419 241-1: General System requirements
  – prEN 419 241-2: Protection Profile for QSCD for Server Signing
  – prEN 419 221-5: Cryptographic module
• Authentication can be delegated to an Identity Provider outside the QSCD
• Timescale:
  – EN 419 241-1: 1st round agreed with minor revisions, final approval by end 2017
  – EN 419 241-2: 1st round agreed subject to evaluation under Common Criteria, aim for final approval Q1 2018
  – EN 419 221-5: Final approval by end 2017
© ETSI 2017. All rights reserved
ETSI Signature Creation Protocols & TSP Component Policy Requirements
• Standards being developed:
  – TS 119 431-1: Policy and security requirements for TSP service components operating a remote QSCD / SCD
  – TS 119 431-2: Policy and security requirements for TSP service components supporting AdES digital signature creation
  – TS 119 432: Protocols for remote digital signature creation
• Timescale:
  – Started work on detailing scope
  – Funded STF activity started: Oct 2017
  – Stable draft for review: June 2018
  – Publication: Nov 2018
Electronic Registered Delivery and Registered Electronic Mail
• Existing standards:
  – TS 102 640 (parts 1 to 6): Registered Electronic Mail
• Standards being developed:
  – EN 319 522: Electronic Registered Delivery Services
  – EN 319 532: Registered Electronic Mail (REM) Services
  – EN 319 521: Policy and security requirements for Electronic Registered Delivery Service Providers
  – EN 319 531: Policy and security requirements for Registered Electronic Mail Service Providers
  – TS 119 524: Testing Conformance and Interoperability of Electronic Registered Delivery Services
  – TS 119 534: Testing Conformance and Interoperability of Registered Electronic Mail Services
• Timescale:
  – Stable draft of ENs for review: end Oct 2017
  – EN approval starts: end April 2018
  – ENs published: Feb 2019
Long term (signature) preservation
• Work started:
  – TS 119 511: Policy & security requirements for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques
  – TS 119 512: Protocols for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques
• Timescale:
  – Stable draft for review: April 2018
  – Publication: November 2018