Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

Electronic Signature Electronic Signature infrastructure for Europeinfrastructure for Europe

Riccardo Genghini

Cen/Isss Ws E-Sign Chairman

Electronic Signature Electronic Signature infrastructure for Europeinfrastructure for Europe

Riccardo Genghini

Cen/Isss Ws E-Sign Chairman

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

Dr. Riccardo Genghini - SNGDr. Riccardo Genghini - SNG

Notary Public in Milan – Italy

Uninfo STP Chair 2002

Cen – ISSS E Sign Chair 2001

Liberty Alliance Member

ETSI Member

IT Law research since 1982

www.sng.it

Notary Public in Milan – Italy

Uninfo STP Chair 2002

Cen – ISSS E Sign Chair 2001

Liberty Alliance Member

ETSI Member

IT Law research since 1982

www.sng.it

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

Definition of 5.1 (QES)Definition of 5.1 (QES)

Qualified Electronic Signatures have a functional definition in the 1999/93/EC directive:

They have to “satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data” (art. 5.1).

So they are what ever it is a human signature for the given legal system (i.e. possibly not binding)

Qualified Electronic Signatures have a functional definition in the 1999/93/EC directive:

They have to “satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data” (art. 5.1).

So they are what ever it is a human signature for the given legal system (i.e. possibly not binding)

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

Definition of 5.2 (ES)Definition of 5.2 (ES)

Non qualified electronic signatures are “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (art. 2.1)

This definition includes many different kind of signatures: access control, data origin authentication, data validation, time-stamping, and any other way of “marking data” not necessarily related to the human act of signing

Non qualified electronic signatures are “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (art. 2.1)

This definition includes many different kind of signatures: access control, data origin authentication, data validation, time-stamping, and any other way of “marking data” not necessarily related to the human act of signing

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

EESSI SGEESSI SG

European Telecommunications Standards Institute

Industry and business, assisted by European standard bodies

EESSI European Electronic Signature Standardization Initiative

EESSI European Electronic Signature Standardization Initiative

Comitèe Europèen de Normation Information Society Standardisation System

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

AREA D1-D2

CWA 14167-1 “Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures”

CWA 14167-2 “Security of cryptographic modules”

CWA 14167-3 “ Cryptographic Module for CSP Key Generation Services – Protection Profile CMCKG-PP

AREA D1-D2

CWA 14167-1 “Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures”

CWA 14167-2 “Security of cryptographic modules”

CWA 14167-3 “ Cryptographic Module for CSP Key Generation Services – Protection Profile CMCKG-PP

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

AREA F CWA 14168 “Security Requirements for

Secure Signature Creation Devices” EAL4 CWA 14169 ““Security Requirements for

Secure Signature Creation Devices” EAL4+”AREA G1-G2

CWA 14170 “Security Requirements for Secure Signature Creation Systems”

CWA 14171 “Procedures for Electronic Signature Verification”

AREA F CWA 14168 “Security Requirements for

Secure Signature Creation Devices” EAL4 CWA 14169 ““Security Requirements for

Secure Signature Creation Devices” EAL4+”AREA G1-G2

CWA 14170 “Security Requirements for Secure Signature Creation Systems”

CWA 14171 “Procedures for Electronic Signature Verification”

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

AREA V CWA 14172-1 “Conformity Assessment Guidance -

Part. 1 – General” CWA 14172-2 “Conformity Assessment Guidance –

Part 2 – Certification Authority services and processes”

CWA 14172-3 – “Conformity Assessment Guidance – Part 3 – Trustworthy systems managing certificates for electronic signatures”

CWA 14172-4 – “Conformity Assessment Guidance – Part 4 – Signature creation applications and procedures for electronic signature verification”

CWA 14172-5 – “Conformity Assessment Guidance – Part 5 – Secure Signature Creation Devices”

AREA V CWA 14172-1 “Conformity Assessment Guidance -

Part. 1 – General” CWA 14172-2 “Conformity Assessment Guidance –

Part 2 – Certification Authority services and processes”

CWA 14172-3 – “Conformity Assessment Guidance – Part 3 – Trustworthy systems managing certificates for electronic signatures”

CWA 14172-4 – “Conformity Assessment Guidance – Part 4 – Signature creation applications and procedures for electronic signature verification”

CWA 14172-5 – “Conformity Assessment Guidance – Part 5 – Secure Signature Creation Devices”

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

AREA AA1-AA2 CWA 14355 “Guidelines for the

implementation of Secure Signature Creation Devices”

CWA 14365 “General Requirements for Electronic Signatures”

AREA AA1-AA2 CWA 14355 “Guidelines for the

implementation of Secure Signature Creation Devices”

CWA 14365 “General Requirements for Electronic Signatures”

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Area AB (work in progress): Team 1 Technical Report on advanced and non advanced

electronic signatures and their informative value (relevance as legal evidence)

Area AB (work in progress): Team 1 Technical Report on advanced and non advanced

electronic signatures and their informative value (relevance as legal evidence)

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Area K (work in progress): Team 2 CWA XXXXX “Application Interface for Smartcards

used as Secure Signature Creation Device”

Area K (work in progress): Team 2 CWA XXXXX “Application Interface for Smartcards

used as Secure Signature Creation Device”

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Area L (work in progress): Team 3 “Harmonised provision of Trusted Service

Provider status information”

Area L (work in progress): Team 3 “Harmonised provision of Trusted Service

Provider status information”

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

AREA V (ongoing work): Team 5 Guidance on conformity assessment of Signature Creation

Devices supporting non-qualified electronic signatures (5.2 signatures) against the Protection Profile specified in the CWA of Area AA2 (CWA 14172 Part 6).

Guidance on conformity assessment of Cryptographic Modules for CSP Signing Operations against the Protection Profile specified in CWA 14167-2 of Area D2 (MCSO-PP) (CWA 14172 Part 7).

Guidance on conformity assessment of CSPs issuing public key certificates against the Policy Requirements specified by ETSI STF 178 Task 2 (CWA 14172 Part 8).

Guidance on conformity assessment of Time-Stamping Authorities against the Policy Requirements specified by ETSI STF 178 Task 1 (CWA 14172 Part 9).

AREA V (ongoing work): Team 5 Guidance on conformity assessment of Signature Creation

Devices supporting non-qualified electronic signatures (5.2 signatures) against the Protection Profile specified in the CWA of Area AA2 (CWA 14172 Part 6).

Guidance on conformity assessment of Cryptographic Modules for CSP Signing Operations against the Protection Profile specified in CWA 14167-2 of Area D2 (MCSO-PP) (CWA 14172 Part 7).

Guidance on conformity assessment of CSPs issuing public key certificates against the Policy Requirements specified by ETSI STF 178 Task 2 (CWA 14172 Part 8).

Guidance on conformity assessment of Time-Stamping Authorities against the Policy Requirements specified by ETSI STF 178 Task 1 (CWA 14172 Part 9).

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

CEN WORKSHOP AGREEMENTSCEN WORKSHOP AGREEMENTS

Maintenance of approved EESSI deliverables: Team 4 Deadline 2Q – 3Q 2003

Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts

Maintenance of approved EESSI deliverables: Team 4 Deadline 2Q – 3Q 2003

Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

ETSI ESI TS - TRETSI ESI TS - TR

Phase 3 Publications (1/2)

Policy requirements for time-stamping authorities TR 102 023  (January 2003)Identification of requirements for attribute certification - TR 102 044  (December 2002)Electronic Signature formats version TS 101 733 v 1.4.0 (September 2002)XML format for signature policies - TR 102 038  (April 2002)Policy requirements for time-stamping authorities - TS 102 023  (April 2002) Policy requirements for certification authorities issuing public key certificates - TS 102 042  (April 2002) Policy requirements for certification authorities issuing qualified certificates - TS 101 456 v 1.2.1  (April 2002)

Phase 3 Publications (1/2)

Policy requirements for time-stamping authorities TR 102 023  (January 2003)Identification of requirements for attribute certification - TR 102 044  (December 2002)Electronic Signature formats version TS 101 733 v 1.4.0 (September 2002)XML format for signature policies - TR 102 038  (April 2002)Policy requirements for time-stamping authorities - TS 102 023  (April 2002) Policy requirements for certification authorities issuing public key certificates - TS 102 042  (April 2002) Policy requirements for certification authorities issuing qualified certificates - TS 101 456 v 1.2.1  (April 2002)

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

ETSI ESI TS - TRETSI ESI TS - TR

Phase 3 Publications  (2/2)

Provision of harmonized Trust Service Provider status information - TR 102 030  (April 2002)FAQ (March 2002)International Harmonization of Policy Requirements for CAs issuing Certificates - TR 102 040 (March 2002)Time stamping profile - TS 101 861 v1.2.1 (March 2002)Signature Policies Report - TR 102 041 (February 2002)XML Advanced Electronic Signatures (XAdES) - TS 101 903 (February 2002)Electronic Signature Formats - TS 101 733 v 1.3.1 (February 2002) 

Phase 3 Publications  (2/2)

Provision of harmonized Trust Service Provider status information - TR 102 030  (April 2002)FAQ (March 2002)International Harmonization of Policy Requirements for CAs issuing Certificates - TR 102 040 (March 2002)Time stamping profile - TS 101 861 v1.2.1 (March 2002)Signature Policies Report - TR 102 041 (February 2002)XML Advanced Electronic Signatures (XAdES) - TS 101 903 (February 2002)Electronic Signature Formats - TS 101 733 v 1.3.1 (February 2002) 

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

ETSI ESI TS - TRETSI ESI TS - TR

Phase 1 and 2 Publications

Time Stamping Profile - TS 101 861 v 1.1.1 (September 2001)Qualified Certificate Profile - TS 101 862 v 1.2.1 (June 2001)Policy requirement for certification authorities issuing qualified certificates TS 101 456 v 1.1.1 (December 2000)Qualified Certificate Profile - TS 101 862 v 1.1.1 (December 2000)Electronic Signature Formats - TS 101 733 v 1.2.2 (December 2000)Electronic Signature Formats - ETSI ES 201 733 v 1.1.3 (May 2000)   

Phase 1 and 2 Publications

Time Stamping Profile - TS 101 861 v 1.1.1 (September 2001)Qualified Certificate Profile - TS 101 862 v 1.2.1 (June 2001)Policy requirement for certification authorities issuing qualified certificates TS 101 456 v 1.1.1 (December 2000)Qualified Certificate Profile - TS 101 862 v 1.1.1 (December 2000)Electronic Signature Formats - TS 101 733 v 1.2.2 (December 2000)Electronic Signature Formats - ETSI ES 201 733 v 1.1.3 (May 2000)   

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

ETSI ESI TS - TRETSI ESI TS - TR

Being processed for publication

Signature policy for extended business model - TR 102 045

Pre study on Certificate Profiles  TR 102 153

Maintenance of ETSI standards from EESSI phase 2 and 3 TR 102 046

Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts

Being processed for publication

Signature policy for extended business model - TR 102 045

Pre study on Certificate Profiles  TR 102 153

Maintenance of ETSI standards from EESSI phase 2 and 3 TR 102 046

Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

ETSI ESI TS - TRETSI ESI TS - TR

Approved

Following a request from the EESSI Steering Committee, it was agreed to create a Work Item to publish the EESSI "Algo Paper" as a special report of TC ESI.

Under Approval

There are currently no deliverables in this phase

Draft for public comment

There are currently no deliverables in this phase

Notice !!!

XML interoperability event in Sophia Antipolis (France) 4Q 2003

Approved

Following a request from the EESSI Steering Committee, it was agreed to create a Work Item to publish the EESSI "Algo Paper" as a special report of TC ESI.

Under Approval

There are currently no deliverables in this phase

Draft for public comment

There are currently no deliverables in this phase

Notice !!!

XML interoperability event in Sophia Antipolis (France) 4Q 2003

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March 20 2003

Cen-ISSS E-Sign - ETSI ESICen-ISSS E-Sign - ETSI ESI

•EESSI:http://www.ict.etsi.org/eessi/EESSI-homepage.htm

•CEN:http://www.cenorm.be/isss/workshop/e-sign

•ETSI:http://www.etsi.org/esi/el-sign.htm

http://portal.etsi.org/esi/el-sign.asp

Sign up for the two mailing lists on the respective Web Pages

•EESSI:http://www.ict.etsi.org/eessi/EESSI-homepage.htm

•CEN:http://www.cenorm.be/isss/workshop/e-sign

•ETSI:http://www.etsi.org/esi/el-sign.htm

http://portal.etsi.org/esi/el-sign.asp

Sign up for the two mailing lists on the respective Web Pages