ImageVerifierCode 换一换
格式:PDF , 页数:57 ,大小:322.42KB ,
资源ID:735942      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-735942.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 102 458-2006 Electronic Signatures and Infrastructures (ESI) Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certif_1.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 102 458-2006 Electronic Signatures and Infrastructures (ESI) Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certif_1.pdf

1、 ETSI TR 102 458 V1.1.1 (2006-04)Technical Report Electronic Signatures and Infrastructures (ESI); Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certificate Policy (TS 101 456) ETSI ETSI TR 102 458 V1.1.1 (2006-04) 2 Reference DTR/ESI-000033

2、 Keywords authentication, e-commerce, electronic signature, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 780

3、3/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference vers

4、ion is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of sta

5、tus. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notifica

6、tion No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for

7、 the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 102 458 V1.1.1 (2006-04) 3 Conten

8、ts Intellectual Property Rights4 Foreword.4 Introduction 4 1 Scope 5 2 References 5 3 Definitions and abbreviations.6 3.1 Definitions6 3.2 Abbreviations .6 4 PKI SUMMARIES.7 4.1 QCP 7 4.2 FBCA CP7 5 Mapping the FBCA CP to the QCP7 5.1 Rating .7 5.2 Summary Assessment.8 5.2.1 Overview 8 5.2.2 Points

9、of Note .10 5.3 Detailed Assessment.10 Annex A: Memo from chair, U.S. Federal PKI Policy Authority56 History 57 ETSI ETSI TR 102 458 V1.1.1 (2006-04) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertain

10、ing to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretari

11、at. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the

12、 updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Introduction In Europe ETSI has specified a framework certificat

13、e policy for Certification Authorities issuing “Qualified Certificates“ 1, commonly referred to as the Qualified Certificate Policy (QCP), which fulfils the requirements of the European Directive on Electronic Signatures 1999/93/EC 1. This provides a unifying framework for Certification Authorities

14、operating in Europe. In the United States of America the Federal Bridge Certification Authority (FBCA) has been established as the unifying element to link autonomous Certification Authorities (CAs) into a systematic overall Public Key Infrastructure (PKI). A Certificate Policy has been published fo

15、r the FBCA specifying requirements for CAs interoperating with the Federal Bridge CA. The FBCA, with the support of ETSI TC ESI, finalized in early year 2004 a map from the requirements specified in the QCP (TS 101 456 2 V1.2.1) to the FBCA Certificate Policy (version 1). The result of this effort w

16、as that the Federal Bridge Certification Authority assessed the requirements in TS 101 456 QCP public as “COMPARABLE“ to those required to achieve the above mentioned Medium level of assurance. This will greatly facilitate Certification Authorities, conformant with the QCP, that intend to collaborat

17、e with CAs abiding by the above FBCA CP with medium level of assurance, to achieve recognition of conformity by FBCA. Since this work was completed new versions of the FBCA Certificate Policy and the ETSI QCP have been issued. In order to facilitate achieving the opposite recognition, that a CA conf

18、ormant with the FBCA Certificate Policy requirement is also conformant with the Qualified Certificate Policy, ETSI implemented the opposite mapping that is presented in the present document. The present document is based on the latest releases of the FBCA Certificate Policy and the ETSI Qualified Ce

19、rtificate Policy. The existing QCP to FBCA Certificate Policy mapping document is also being updated by the FBCA using the latest releases of the two policy documents. ETSI ETSI TR 102 458 V1.1.1 (2006-04) 5 1 Scope The present document compares the United States“ The Federal Bridge Certification Au

20、thority (FBCA) Certificate Policy 3, and the European Qualified Certificate Policy (QCP) as specified in TS 101 456 2 in order to identify to what extent which stipulations FBCA CP match those of QCP. This comparison concentrates on requirements at the medium level of assurance as identified in the

21、FBCA Certificate Policy 3 including the option for “medium hardware“ (equivalent to SSCD) and “medium - Commercial Best Practices“. The present document gives the current results of the comparison following discussions with FPKI experts up to November 2005. Further consideration on some areas is sti

22、ll ongoing and this mapping is subject to further revision. The present document is an opposite of the earlier mapping specified by the US Federal PKI mapping from the QCP into the requirements of the FBCA CP. The purpose of the present document is to facilitate a CA abiding by the QCP to ascertain

23、if QCP requirements, to which it complies, are met by another CA abiding by FBCA CP and therefore to assess if a cross certification can be enacted. It is to be kept in mind that this second CA has to be assessed as compliant by the Federal Bridge Certification Authority. The present document is str

24、uctured as follows: 1) BRIEF ASSESSMENT, which provides for each clause of the QCP a one-word assessment of the similarity of the applicable FBCA CP sections, using a set of well-defined evaluation terms, and identifies any points that should specially noted when applying this map to specific CA pol

25、icies; 2) DETAILED ASSESSMENT, which details the BRIEF ASSESSMENT by breaking down all the relevant requirements in the QCP, grouped by clause, and by listing for each QCP clause the relevant FBCA CP sections and requirements that match to some degree to the corresponding QCP requirements clause; th

26、e same one-word assessment used in the BRIEF ASSESSMENT is complemented, where necessary, with explanatory comments. As a result of this comparison, requirements are identified in the FBCA CP that are of particular note and should be especially considered when applying this map to specific CA polici

27、es. 2 References For the purposes of this Technical Report (TR) the following references apply: 1 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 2 ETSI TS 101 456: “Electronic Signatures and Infrastructures (

28、ESI); Policy requirements for certification authorities issuing qualified certificates“. 3 X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA CP) - Version 2, September 13, 2005. NOTE: This version of the FBCA Certificate Policy replaces earlier version 1 dated September 1

29、0, 2002. 4 ETSI Federal PKI CPWG Mapping Comparison Matrix Between the Federal Bridge Certification Authority (v1) and the European Qualified Certificate Policy (QCP) ETSI TS 101 456 V1.2.1 For Medium Assurance Level Cross Certification. NOTE: This document is in the process of being revised to use

30、the current versions of the FBCA Certificate Policy and the QCP.j. 5 Template for use by the U.S. Federal PKI Policy Authority for Cross-Certifying with U.S. Federal Agencies and other U.S. Federal Entities, with U.S. State and Local Governments and U.S. Private Sector Entities, and with Governments

31、 of other Nations - Memorandum of Agreement. 6 US Government Public Key Infrastructure - Cross Certification Criteria and Methodology Version 1.2 June 2005. ETSI ETSI TR 102 458 V1.1.1 (2006-04) 6 7 ITU-T Recommendation X.509: “Information technology - Open Systems Interconnection - The Directory: P

32、ublic-key and attribute certificate frameworks“. 8 IETF RFC 3647: “Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply:

33、certificate policy (CP): named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements (see ITU-T Recommendation X.509 7) Entity CA: CA that acts on behalf of an Entity, and is under the operational contro

34、l of an Entity (FBCA CP) qualified certificate: certificate which meets the requirements laid down in annex I (of the Directive 1) and is provided by a certification-service-provider who fulfils the requirements laid down in annex II (of the Directive 1) Qualified Certificate Policy: QCP public + SS

35、CD: a certificate policy for qualified certificates issued to the public, requiring use of secure signature-creation devices, as defined in TS 101 456 2 subject: entity identified in a certificate as the holder of the private key associated with the public key given in the certificate Subscriber: (1

36、) - the entity whose name appears as the subject in a certificate, who asserts that it uses its key and certificate in accordance with the certificate policy asserted in the certificate, and who does not itself issue certificates. (FBCA CP 3) Subscriber: (2) - entity subscribing with a Certification

37、 Authority on behalf of one or more subjects (TS 101 456 2 Policy requirements for certification authorities issuing qualified certificates) NOTE 1: The subject may be a subscriber acting on its own behalf. NOTE 2: QCP and FBCA CP assign different meanings to “subscriber“. The FBCA CP “subscriber“ i

38、s not clearly differentiated from the term “subject“ whereas the QCP clearly distinguishes the two concepts. The Directive: Directive 1999/93/EC 1 of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures 3.2 Abbreviations For the purposes o

39、f the present document, the following abbreviations apply: CA Certification Authority CP Certificate Policy FBCA Federal Bridge Certification Authority IETF Internet Engineering Task Force MoA Memorandum of Agreement OID Object IDentifier PKI Public Key Infrastructure QCP Qualified Certificate Polic

40、y ETSI ETSI TR 102 458 V1.1.1 (2006-04) 7 4 PKI SUMMARIES 4.1 QCP The QCP is a certificate policy framework for Qualified Certificates issued to the public in compliance with the requirements laid down in annexes I and II of the European Directive on Electronic Signatures 1999/93/EC 1. Qualified cer

41、tificates issued under this policy may be used to support electronic signatures which “satisfy the requirements of a signature in relation to data in electronic form in the same manner as a hand-written signature satisfies those requirements in relation to paper based data“, as specified in article

42、5.1 of the Electronic Signatures Directive. It should be noted that the adoption of this policy is not mandatory and that alternative policies could be prepared so as to be conformant with the referenced Directive 1, although a considerably greater investment of time and resource would be required t

43、o do so. It is also worth noting that several Directive compliant CAs have already adopted QCP as of the moment of publication of the present document. 4.2 FBCA CP Quoted from 3: “This Certificate Policy (CP) defines seven certificate policies for use by the Federal Bridge Certification Authority (F

44、BCA) to facilitate interoperability between the FBCA and other Entity PKI domains. The policies represent five different assurance levels (Rudimentary, Basic, Medium, Medium Hardware, and High) for public key certificates. The level of assurance refers to the strength of the binding between the publ

45、ic key and the individual whose subject name is cited in the certificate, the mechanisms used to control the use of the private key, and the security provided by the PKI itself. The FBCA enables interoperability among Entity PKI domains in a peer-to-peer fashion. The FBCA issues certificates only to

46、 those CAs designated by the Entity operating that PKI (called “Principal CAs“). The FBCA may also issue certificates to individuals who operate the FBCA. The FBCA certificates issued to Principal CAs act as a conduit of trust. Any use of or reference to this FBCA CP outside the purview of the Feder

47、al PKI Policy Authority is completely at the using partys risk. An Entity shall not assert the FBCA CP OIDs in any certificates the Entity CA issues, except in the policyMappings extension establishing an equivalency between an FBCA OID and an OID in the Entity CAs CP. This FBCA CP is consistent wit

48、h the Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (IETF PKIX) RFC 3647 8, Certificate Policy and Certification Practices Framework. The terms and provisions of this FBCA CP shall be interpreted under and governed by applicable Federal law.“ 5 Mapping the FBCA CP to the QCP

49、 The mapping detailed in the following clause is built by associating to the requirements of FBCA CP to those of the QCP, as stipulated in its clauses 5, 6 and 7. 5.1 Rating For an easier comparison the present document adopts the same seven comparative evaluation terms and definitions that were used in the opposite mapping produced by the FBCA 4. These are: a) Exceeds: The FBCA CP provides a higher level of assurance/security than the QCP requirement. b) Equivalent: The FBCA CP provides exactly the same assurance/security as

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1