1、 ETSI TR 102 046 V1.2.1 (2004-06)Technical Report Electronic Signatures and Infrastructures (ESI);Maintenance reportETSI ETSI TR 102 046 V1.2.1 (2004-06) 2 Reference RTR/ESI-000020 Keywords e-commerce, electronic signature, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
2、 Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be m
3、ade available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version k
4、ept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If yo
5、u find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 20
6、04. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its M
7、embers and of the 3GPP Organizational Partners. ETSI ETSI TR 102 046 V1.2.1 (2004-06) 3 Contents Intellectual Property Rights7 Foreword.7 Introduction 7 1 Scope 8 2 References 8 3 Definitions and abbreviations.9 4 Role and structure of the present document .9 4.1 Role of the present document in the
8、maintenance process .9 4.2 Structure of the present document10 4.2.1 Clause 5: fields and structure10 4.2.2 Annex A: Fields and structure 11 5 Comments.12 5.1 TS 101 456 - Qualified certificate policy .12 5.2 TS 101 733 - ES electronic signature formats41 5.3 TS 101 861 - Time stamping profile 53 5.
9、4 TS 101 862 - Qualified certificate profile 56 5.5 TS 101 903 - XML advanced electronic signatures (XAdES) .61 5.6 TS 102 023 - Time stamping policy.79 5.7 TR 102 038 - XML format for signature policies.93 5.8 TR 102 041 - Signature policies report 94 5.9 TS 102 042 - PKC certificate policy 95 Anne
10、x A: Comments in their original format111 A.1 Comments from a TC-ESI member111 A.1.1 TS 101 456 - Qualified certificate policy .111 A.1.1.1 Proposed amendments from CEN/ISSS area M on system backup and recovery 111 A.1.1.2 Auditors view of system logs.111 A.1.1.3 Export of the CA private key112 A.1.
11、1.4 Mapping with RFC 2527 112 A.1.2 TS 102 042 - Normalized certificate policy .114 A.1.2.1 Export of the CA private key114 A.1.2.2 Mapping with RFC 2527 114 A.1.3 TS 102 023 - Time-stamping policy.115 A.1.3.1 Export of the CA private key115 A.2 Comments and proposed amendments from UNINFO-STT (Ital
12、y).116 A.2.1 Proposed amendments on TS 101 456 .116 A.2.2 Proposed amendments on TS 102 042 .119 A.2.3 Early informal comments on TS 101 733 from STT-A2 WG (September 2002).122 A.2.4 Stable informal comments on TS 101 733 from STT-A2 WG (February 2003)122 A.2.4.1 Proposals about the document content
13、s 122 A.2.4.2 Proposals about the document structure123 A.2.4.3 Proposals for some additional explanatory documents.123 A.2.5 Proposed amendments to TS 101 862 from STT-A4 WG123 A.2.5.1 References to be updated 123 A.2.5.2 CSP identifier123 A.2.5.3 Identity of the signer.124 A.2.5.4 Pseudonyms 125 A
14、.2.5.5 SerialNumber attribute125 A.2.5.6 The key usage .125 A.2.6 Proposed amendments to TS 102 023 - Time-stamping policy126 A.3 Comments and proposed amendments from Japan and China PKI forums .128 ETSI ETSI TR 102 046 V1.2.1 (2004-06) 4 A.3.1 Proposed amendments on TS 101 456 .128 A.3.1.1 Comment
15、 #1, page 10 .129 A.3.1.2 Comment #2, page 18 .129 A.3.1.3 Comment #3, page 18 .129 A.3.2 Proposed amendments on TS 101 733 .129 A.3.2.1 Rationale: Some comments regarding EESSI signature policy 129 A.3.2.2 Comment #1, pages 49, 67 and 76132 A.3.2.3 Comment #2, pages 16 and 17132 A.3.2.4 Comment #3,
16、 clause 8.9.1.132 A.3.2.5 Comment #4, clause 11.1132 A.3.2.6 Comment #5, clause 11.11132 A.3.2.7 Comment #6, clause 5.4.2.132 A.3.2.8 Comment #7, clauses 5.4.5 and 5.4.7133 A.3.3 Proposed amendments on TS 101 903 .133 A.3.3.1 Rationale: “Some comments regarding EESSI Signature Policy“ 133 A.3.3.2 Co
17、mment #1, page 17 .133 A.3.3.3 Comment #2133 A.3.3.4 Comment #3133 A.3.4 Proposed amendments on TS 101 861 - Time stamping profile.134 A.3.4.1 Comment #1, clause 5.1.2.134 A.3.4.2 Comment #2, clause 5.2.3.134 A.3.4.3 Comment #3134 A.3.5 Comments and proposed amendments on TS 102 023.134 A.3.5.1 Comm
18、ent #1, clause 4.2134 A.3.5.2 Comment #2, clause 4.2135 A.3.5.3 Comment #3, clause 7.1.2 d) 135 A.3.5.4 Comment #4, clause 7.1.2 j) .135 A.3.5.5 Comment #5, clause 7.2.1 b) 135 A.3.5.6 Comment #6, clause 7.2.2 a).135 A.3.5.7 Comment #7, clause 7.2.2 b) 135 A.3.5.8 Comment #8, clause 7.2.4.135 A.3.5.
19、9 Comment #9, clause 7.3.1 e).135 A.3.5.10 Comment #10, clause 7.3.2 a).136 A.3.5.11 Comment #11, clause 7.3.2 d) 136 A.3.5.12 Comment #12, clause 7.4.8.136 A.3.5.13 Comment #13, clause 7.4.8 c).136 A.3.5.14 Comment #14136 A.3.6 Comments and proposed amendments on TR 102 038 137 A.3.6.1 Comment #113
20、7 A.3.7 Comments and proposed amendments on TR 102 041 137 A.3.7.1 Comment #1, clause 8.3.1 - Signature validation policy 137 A.3.7.2 Comment #2, clause 8.3.2 - Signature validation information137 A.4 Comments and proposed amendments from a TC-ESI member 138 A.4.1 Proposed amendments on TS 101 456 -
21、 Qualified certificate policy .138 A.4.1.1 Keys certified under multiple policies 138 A.4.2 Proposed amendments on TS 102 042 - Normalized certificate policy140 A.4.2.1 Keys certified under multiple policies 140 A.5 Comments and proposed amendments from Pink Roccade (Netherlands) 142 A.5.1 Proposed
22、amendments on TS 101 456 - Qualified certificate policy .142 A.6 Comments and proposed amendments from EESSI evaluation .143 A.6.1 Suggested amendments on TS 101 456 - Qualified certificate policy (see EESSI #21(2002)04 - clause 6)143 A.6.2 Suggested amendments on TS 101 862 - Qualified certificates
23、 profile (see EESSI #21(2002)04 - clause 6) 143 A.7 Comments and proposed amendments from CEN/ISSS WS/E-Sign Area M and ETSI STF-210 maintenance groups144 A.7.1 Proposed amendments on TS 102 023 - Time-stamping policy.144 A.8 Other comments and proposed amendments144 A.8.1 Proposed amendments on TS
24、101 456 - Qualified certificate policy .144 ETSI ETSI TR 102 046 V1.2.1 (2004-06) 5 A.8.1.1 Advise on use of SSCD 144 A.8.1.2 Use of CA key for multiple policies .145 A.8.1.3 Reference to CWA 14167-1 in clause 7.4.7145 A.8.1.4 When a new policy OID is required146 A.8.2 Proposed amendments on TS 102
25、042 - Normalized certificate policy146 A.8.2.1 Advise on use of SSCD 146 A.8.2.2 Use of CA key for multiple policies .146 A.8.2.3 Reference to CWA 14167-1 in clause 7.4.7147 A.8.2.4 When A new Policy OID is required 147 A.8.3 Proposed amendments on TS 101 733 - Electronic signature formats .148 A.8.
26、3.1 Archive timestamp148 A.8.4 Proposed amendments on TS 101 861 - Time stamping profile.148 A.8.4.1 Clause 5.2.1 - Accuracy and precision of time .148 A.8.4.2 Clause 5.2.1 - Ordering.149 A.8.4.3 Clause 6 mandate support for store and forward 149 A.8.4.4 Clause 7.1.1 149 A.8.5 Proposed amendments on
27、 TS 101 862 - Qualified certificates profile .150 A.8.5.1 Country Name.150 A.9 Comments and proposed amendments from a TC-ESI member 150 A.9.1 Proposed amendments on TS 101 862 and related discussion threads.150 A.9.2 Proposed amendments on TS 102 023 and related discussion threads.152 A.10 Comments
28、 and proposed amendments from ETSI STF-220 - Task 4153 A.10.1 TS 101 456 - Qualified certificate policy .153 A.10.1.1 Proposed amendments related to section “Introduction“ 153 A.10.1.2 Proposed amendments related to clause 2 “Reference“ 153 A.10.1.3 Proposed amendments related to clause 3.1 “Definit
29、ions“ .154 A.10.1.4 Proposed amendments related to clause 4.1“Certification authority“.154 A.10.1.5 Proposed amendments related to clause 4.3.4 “Other CA Statements“ 154 A.10.1.6 Proposed clause to be added: 4.5 “Certified attributes“ 154 A.10.1.7 Proposed clause to be added: 4.6 “Attribute semantic
30、s“.155 A.10.1.8 Proposed clause to be added: 6.3 “Subject obligations“ (subsequent clauses must be renumbered accordingly) 155 A.10.1.9 Proposed amendments related to clause 7.3.1 “Subject initial registration“ .155 A.10.1.10 Proposed amendments related to clause 7.3.2 “Certificate renewal, rekey an
31、d update“.156 A.10.1.11 Proposed amendments related to clause 7.3.4 “Dissemination of Terms and Conditions“.156 A.10.1.12 Proposed amendments related to “Annex E (informative): Bibliography“ .156 A.11 Proposed amendments from ETSI STF-220 Task 2.157 A.11.1 TS 101 456 - Qualified certificate policy .
32、157 A.12 Proposed amendments from XadES-PLUGTESTSTM.158 A.12.1 Proposed amendments on TS 101 903 .158 A.12.1.1 Issue #1 158 A.12.1.2 Issue #2 Data Type 159 A.12.1.3 Issue #3 160 A.12.1.4 Issue #4 Requirement Levels (RFC2119)161 A.12.1.5 Issue #5 .162 A.12.1.6 Issue #6 ASN.1 Encoding162 A.12.1.7 Issu
33、e #7 Trust Status Lists .162 A.12.1.8 Issue #8 .162 A.12.1.9 Issue #9 XAdES forms 162 A.12.1.10 Issue #10 archival forms 163 A.12.1.11 Issue #11 Data Type163 A.12.1.12 Issue #12 163 A.12.1.13 Issue #13 .NET validating parser.163 A.12.1.14 Issue #14 XAdES schema164 A.12.1.15 Issue #15 data type164 A.
34、12.1.16 Issue #16 XAdES examples.164 A.12.1.17 Issue #17 164 A.12.1.18 Issue #18 165 ETSI ETSI TR 102 046 V1.2.1 (2004-06) 6 A.12.1.19 Issue #19 .166 History 167 ETSI ETSI TR 102 046 V1.2.1 (2004-06) 7 Intellectual Property Rights IPRs essential or potentially essential to the present document may h
35、ave been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI stan
36、dards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of ot
37、her IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Introduction E
38、lectronic commerce is emerging as a way of doing business and communicating across public and private networks. An important requirement of electronic commerce is the ability to identify the originator of electronic information in the same way that documents are signed using a hand-written signature
39、. This is commonly achieved by using electronic signatures which are supported by a certification-service-provider issuing certificates, commonly called a certification authority. For users of electronic signatures to have confidence in the authenticity of the electronic signatures they need to have
40、 confidence that the CA has properly established procedures and protective measure in order to minimize the operational and financial threats and risks associated with public key crypto systems. The Directive 1999/93/EC 11 (of the European Parliament and of the Council on a Community framework for e
41、lectronic signatures) (hereinafter referred to as “the Directive“) identifies a special form of electronic signature which is based on a “qualified certificate“. Annex I of the Directive 1999/93/EC 11 specifies requirements for qualified certificates. Annex II of the Directive specifies requirements
42、 on certification-service-providers issuing qualified certificates (i.e. certification authorities issuing qualified certificates). Annex III of the Directive specifies requirements for the use of a secure-signature-creation device. The ETSI TC on Electronic Signatures and Infrastuctures, along with
43、 CEN ISSS, has published a number of Technical Specifications for the implementation of services and infrastures supporting the requirements of the Electronic Signatures Directive, as well as to meet the general commercial requirements for Electronic Signatures. As a result of experience in implemen
44、ting these specifications a number of comments and issues have been raised on the specifications. The present document records these issues and in some cases proposes resolutions. These comments may result in new versions of some or all of these specifications in the future. It should be noted, howe
45、ver, that until new versions of new Technical Specifications are released the existing requirements stand. ETSI ETSI TR 102 046 V1.2.1 (2004-06) 8 1 Scope The present document records comments and issues raised with the ETSI TC ESI on Technical Specifications and on Technical Reports published for E
46、lectronic Signatures and Infrastructures, and in some cases proposes resolution for these issues. These comments may result in new versions of some or all of these specifications in the future. Comments on Technical Reports will be taken into account in any subquent Technical Specification based on
47、the Technical Report. It should be noted, however, that until new versions of new Technical Specifications are released the existing requirements stand. Clause 4 contains the explanation of the maintenance process and describes the document structure; clause 5 collects the comment in a tabled style;
48、 the Annex A collects the comments in their original format keeping also the original text The comments contained within the present document were maintained using a database and software tools (see TR 102 317 1 for details). 2 References For the purposes of this Technical Report (TR) the following
49、references apply: 1 ETSI TR 102 317: “Electronic Signatures and Infrastructures (ESI); Process and tool for maintenance of ETSI deliverables“. 2 ETSI TS 101 456: “Policy requirements for certification authorities issuing qualified certificates“. 3 ETSI TS 102 042: “Policy requirements for certification authorities issuing public key certificates“. 4 ETSI TS 101 733: “Electronic Signatures and Infrastructures (ESI); Electronic signature formats“. 5 ETSI TS 101 903: “XML Advanced Electronic Signatures (XAdES)“. 6 ETSI TS 101
