Telia Research AB György Endersz 2001-05-08 1 European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication Authority 2001 05-08 György Endersz, Telia Research AB, Sweden Chairman ETSI ESI Working Group [email protected]Deliverables and Current Activities
32
Embed
Telia Research AB György Endersz 2001-05-08 1 European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Telia Research ABGyörgy Endersz
2001-05-08
1
European Electronic Signature Standardisation Initiative
EESSI Budapest Seminarat the Hungarian Communication Authority
2001 05-08
György Endersz, Telia Research AB, SwedenChairman ETSI ESI Working Group
The SSCD is the device „getting in touch“ with the private key.
The SSCD comprises the whole lifecycle.
The SSCD assumes an appropriate environment for its application.
Trusted paths are offered to meet security requirements.
Telia Research ABGyörgy Endersz
2001-05-08
18
Electronic Signature Formats
•Defines interoperable syntax and encoding for signature, validation data and signature policy. Builds on exiting PKI and digital signature standards
•Format part approved by the IETF as an Informational RFC, the Signature Policy part as an IETF Experimental Protocol
•Co-operative implementation project in preparation to validate standard and provide free software
•Aim: to harmonise development with XML signatures and create XML version (Phase 3) action.
Telia Research ABGyörgy Endersz
2001-05-08
19
.
Id-of signingCertificate att
DigitalSignature
Elect. Signature (CMS with signed attributes)
SignaturePolicy ID att
Signing timeAttribute
Content TypeAttributes
MessageDigest
Attributes
ES = The ETSI Electronic Signature as generated by the signer.
ETSI Electronic Signature
Signers Structures
Telia Research ABGyörgy Endersz
2001-05-08
20
. ES-C
Other SignedAttributes
DigitalSignature
ES-TElect. Signature (CMS signed attributes)
SignaturePolicy ID att
UnsignedAttribute:Completecertificate
andrevocationreferences
Unsignedattribute:
Timestampover digitalsignature
ES-T = The ETSI Timestamp Electronic Signature. Timestamp attribute may be absent, if secure records prove the time of the ESES-C = The ETSI complete Electronic Signature with references to all information needed to check its validity
ETSI ES-T and ES-C
Verifiers Structures
Unsigned attributes added for long term verification
Telia Research ABGyörgy Endersz
2001-05-08
21
Format and Protocol for Time Stamp
Profile based on current IETF PKIX draft
Time stamps used for signature validation, e.g. in ES 201 733 Electronic Signature Formats
Harmonisation of ISO-IETF activities: IETF draft may become a compatible subset of the ISO specifications
Telia Research ABGyörgy Endersz
2001-05-08
22
Roadmap of Phase 3 Activities (2001)
Signature creation process and environment
Signature valida-tion process and environment
Signature format *and syntax in XML
SignatureCreationdevice *
AlternativeRequirements for CSPs *
Trustworthy Systems *
Certification Service Provider
User/Signer
Relying Party/Verifier
Qualified certificate Time Stamping Format&Protocol
Time Stamping Authority
Requirements for TSAs *
* Phase 3
CA status and validation by RP *
Telia Research ABGyörgy Endersz
2001-05-08
23
EESSI Phase 3 Activities (2001)
CEN/ISSS: Security Requirements for Trustworthy systems
- Finalisation of the General Security Requirements - Protection Profile for Cryptographic Modules used by CSPs
Security requirements for Signature Creation Devices in different environments and types of use
- Guidance for writing Security Targets for different types of SSCDs, such as smart cards, mobile
phones and PDAs - Security requirements for SCDs in e-commerce
using 5.2 signatures
Telia Research ABGyörgy Endersz
2001-05-08
24
Phase 3 Activities…..
Security Requirements for Cryptographic Modules
- Common Criteria PP to protect the CA private key and the certificate signing process
- International harmonisation: the aim is to liase with NIST
- CC MRA: Arrangement on the Mutual Recognition of CC Certificates in the Field of IT Security
Telia Research ABGyörgy Endersz
2001-05-08
25
Phase 3 Activities…..
ETSI ESI WG: Security management and certificate policy for
CSP issuing Trusted Time-Stamps
Requirements for CSPs issuing certificates, which meet classes of requirements different from those for qualified certificates
Electronic Signature syntax and encoding formats in XML
Technical aspects of signature policies
Harmonised provision of CSP status information
Telia Research ABGyörgy Endersz
2001-05-08
26
CSP status information for Relying Parties
National schemes include procedures to make such information available, e.g. CSP not able to fulfill obligations, failed audit, etc. Gray zone between accreditation/supervision and technical interoperation
A framework and simple formats and mechanisms are needed to store and retrieve such information so as to become available (on-line) over domain borders
Work item to assess infrastructure and interoperability requirements and suggest solutions.
Co-operation with national schemes via EESSI and ESI membership
Telia Research ABGyörgy Endersz
2001-05-08
27
CA (TSP) Status information
Signature creation process and environment
Signature valida-tion process and environment
SignatureCreationdevice *
User/Signer
Relying Party/Verifier
Qualified certificate
CA status and validation by RP
CA
CA status info provider
Telia Research ABGyörgy Endersz
2001-05-08
28
CA (TSP) Status information
Items to harmonise regarding status info:
• Content and format
• Distribution, storage and management
• Technical means to find, access and validate information
• Measures to ensure trust and security
Telia Research ABGyörgy Endersz
2001-05-08
29
Phase 3 Activities…….
Algorithm Group
Expert group providing guidance on cryptographic algorithms and parameters in EESSI standards.Regular review and maintenance of specifications
Reference implementation of ES Format standard
Funded activity with the aim of validating the standards ES-format, QC-profile and Time Stamp. Promote applications by releasing source code.
Telia Research ABGyörgy Endersz
2001-05-08
30
Phase 3 Activities……
Currently discussed
•Use of smart cards for creating electronic signatures
• Requirements for CSPs issuing attribute certificates
•Signature policy for common business practices
Telia Research ABGyörgy Endersz
2001-05-08
31
International Perspectives
Recognition of conformance to SSCD requirements CC MRA: Arrangement on the Mutual
Recognition of CC Certificates in the Field of IT Security
Similar ambition with Trustworthy Systems
Cross-recognition of “certification policy”Assessment of policy mapping between US
FederalPKI and ETSI-EESSI requirements
Harmonization of interoperability standardsUse of existing standards (ISO, IETF), liaisons
under development (W3C, WAP Forum, EDI/XML) and submissions to IETF
Telia Research ABGyörgy Endersz
2001-05-08
32
References
ETSI:http://www.etsi.org/sec/el-sign.htmSign up from Web-site to open El Sign mailing