ETSI TS 102 231 V3.1.2 (2009-12)

Technical Specification

Electronic Signatures and Infrastructures (ESI);
Provision of harmonized Trust-service status information

Reference
RTS/ESI-000083

Keywords
e-commerce, electronic signature, security, trust services

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00   Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2009. All rights reserved.

DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the
GSM Association.

Contents

Intellectual Property Rights
Foreword
Acknowledgement
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Trust-service status information
5 Trust-service Status List structure
5.1 Structure of the Trust-service Status List
5.1.1 Trust-service Status List information
5.1.2 Logical model
5.1.3 Language support
5.1.4 Date-time indication
5.1.5 Use of Uniform Resource Identifiers
5.1.6 Value of Country Code fields
5.1.7 TSL Format
5.2 Trust-service Status List tag
5.2.1 TSL Tag
5.3 Scheme information
5.3.1 TSL version identifier
5.3.2 TSL sequence number
5.3.3 TSL type
5.3.4 Scheme operator name
5.3.5 Scheme operator address
5.3.5.1 Scheme operator postal address
5.3.5.2 Scheme operator electronic address
5.3.6 Scheme name
5.3.7 Scheme information URI
5.3.8 Status determination approach
5.3.9 Scheme type/community/rules
5.3.10 Scheme territory
5.3.11 TSL policy/legal notice
5.3.12 Historical information period
5.3.13 Pointers to other TSLs
5.3.13.1 Additional information field
5.3.14 List issue date and time
5.3.15 Next update
5.3.16 Distribution points
5.3.17 Scheme extensions
5.3.18 List of Trust Service Providers
5.4 TSP information
5.4.1 TSP name
5.4.2 TSP trade name
5.4.3 TSP address
5.4.3.1 TSP postal address
5.4.3.2 TSP electronic address
5.4.4 TSP information URI
5.4.5 TSP information extensions
5.4.6 List of services
5.5 Service information
5.5.1 Service type identifier
5.5.2 Service name
5.5.3 Service digital identity
5.5.4 Service current status
5.5.5 Current status starting date and time
5.5.6 Scheme service definition URI
5.5.7 Service supply points
5.5.8 TSP service definition URI
5.5.9 Service information extensions
5.5.10 Service approval history
5.6 Service approval history information
5.6.1 Service type identifier
5.6.2 Service name
5.6.3 Service digital identity
5.6.4 Service previous status
5.6.5 Previous status starting date and time
5.6.6 Service information extensions
5.7 Signature
5.7.1 Signed TSL
5.7.2 Scheme identification
5.7.3 Signature algorithm identifier
5.7.4 Signature value
5.8 TSL extensions
5.8.1 expiredCertsRevocationInfo Extension
5.8.2 additionalServiceInformation Extension
6 Operations
6.1 TSL publication
6.1.1 Transport Protocols
6.1.1.1 LDAP transport
6.1.1.1.1 Attributes and Object class definition
6.1.1.2 HTTP-Transport
6.1.1.2.1 HTTP-Media Type
6.1.1.3 FTP-Transport
6.1.1.4 Email Transport
6.1.1.4.1 Content-Types
6.1.1.4.2 Encoding considerations
6.1.1.5 MIME registrations
6.2 TSL Signer Certificate
6.3 TSL Distribution Points
Annex A (normative): Implementation in ASN.1
A.1 Structure of the Trust-service Status List
A.1.1 ASN.1 versioning
A.1.2 Basic types
A.1.2.1 The NonEmptyURI type
A.1.2.2 The LanguageTag type
A.1.2.3 The CountryCode type
A.1.2.4 The MultiLangPointer type
A.1.2.5 The MultiLangString type
A.1.2.6 The PhysicalAndElectronicAddresses type
A.1.3 General Structure
A.2 Scheme information fields
A.2.1 The tSLTag field
A.2.2 The version field
A.2.3 The sequenceNumber field
A.2.4 The tSLType field
A.2.5 The schemeOperatorName field
A.2.6 The schemeOperatorAddress field
A.2.7 The schemeName field
A.2.8 The schemeInformationURI field
A.2.9 The statusDeterminationApproach field
A.2.10 The schemeTypeCommunityRules field
A.2.11 The schemeTerritory field
A.2.12 The tSLpolicy field
A.2.13 The historicalInformationPeriod field
A.2.14 The pointersToOtherTSLs field
A.2.14.1 otherQualifier
A.2.15 The listIssueDateTime field
A.2.16 The nextUpdate field
A.2.17 The distributionPoints field
A.2.18 The schemeExtensions field
A.2.19 The tSPlist field
A.3 TSP information fields
A.3.1 The tSPname field
A.3.2 The tradeName field
A.3.3 The tSPaddress field
A.3.4 The tSPinformationURI field
A.3.5 The tSPextensions field
A.3.6 The listOfServices field
A.4 TSP service information fields
A.4.1 The serviceType field
A.4.2 The serviceName field
A.4.3 The serviceDigitalIdentity field
A.4.4 The currentServiceStatus field
A.4.5 The currentStatusStartingTime field
A.4.6 The schemeURI field
A.4.7 The tspURI field
A.4.8 The serviceSupplyPoints field
A.4.9 The srvcExtensions field
A.4.10 The serviceApprovalHistory field
A.5 Service history information fields
A.5.1 The serviceType field
A.5.2 The serviceName field
A.5.3 The serviceDigitalIdentity field
A.5.4 The previousServiceStatus field
A.5.5 The previousStatusStartingTime field
A.5.6 The srvcExtensions field
A.6 TSL signature fields
A.6.1 The signedTSL field
A.6.2 The scheme operator identifier
A.6.2.1 ESS signing certificate attribute
A.6.3 Algorithms and parameters
A.7 Extensions defined in the present document
A.7.1 TSL Extensions OID
A.7.2 TSLDistributionPoints
A.7.3 ExpiredCertsRevocationInfo
A.7.4 AdditionalServiceInformation
Annex B (normative): Implementation in XML
B.1 Structure of the Trust-service Status List
B.1.1 General Rules
B.1.2 XML-namespace and basic types
B.1.2.1 The InternationalNamesType and MultiLangString Types
B.1.2.2 The AddressType Type
B.1.2.3 The PostalAddresses Element
B.1.2.4 The ElectronicAddressType Type
B.1.2.5 Types for managing the extensions
B.1.2.6 Types for URIs
B.1.3 The TrustServiceStatusList element
B.1.3.1 The TSLTag attribute
B.2 The SchemeInformation element
B.2.1 The TSLVersionIdentifier element
B.2.2 The TSLSequenceNumber element
B.2.3 The TSLType element
B.2.4 The SchemeOperatorName element
B.2.5 The SchemeOperatorAddress element
B.2.6 The SchemeName element
B.2.7 The SchemeInformationURI element
B.2.8 The StatusDeterminationApproach element
B.2.9 The SchemeTypeCommunityRules element
B.2.10 The SchemeTerritory element
B.2.11 The PolicyOrLegalNotice element
B.2.12 The HistoricalInformationPeriod element
B.2.13 The PointersToOtherTSL element
B.2.13.1 Already identified contents of OtherInformation element
B.2.14 The ListIssueDateTime element
B.2.15 The NextUpdate element
B.2.16 The SchemeExtensions element
B.2.17 The DistributionPoints element
B.2.18 The TrustServiceProviderList element
B.3 The TSPInformation element
B.3.1 The TSPName element
B.3.2 The TSPTradeName element
B.3.3 The TSPAddress element
B.3.4 The TSPInformationURI element
B.3.5 The TSPInformationExtensions element
B.3.6 The TSPServices element
B.4 The ServiceInformation element
B.4.1 The ServiceTypeIdentifier element
B.4.2 The ServiceName element
B.4.3 The ServiceDigitalIdentity element
B.4.4 The ServiceStatus element
B.4.5 The StatusStartingTime element
B.4.6 The SchemeServiceDefinitionURI element
B.4.7 The ServiceSupplyPoints element
B.4.8 The TSPServiceDefinitionURI element
B.4.9 The ServiceInformationExtensions element
B.4.10 The ServiceHistory element
B.5 The ServiceHistory type
B.6 The Signature element
B.6.1 The scheme identification
B.6.1.1 The scheme operator identifier in XAdES signatures
B.6.2 Algorithm and parameters
B.7 Elements and types for TSL extensions
B.7.1 The ExpiredCertsRevocationInfo element
B.7.2 The AdditionalServiceInformation element
Annex C (normative): ASN.1 and XML files
C.1 Electronic attachment
C.2 ASN.1 module
C.3 XML schema
C.4 LDAP schema
Annex D (normative): Registered Uniform Resource Identifiers
D.1 URIs registered within the present document
D.2 ETSI Common Domain URIs
D.3 Registering additional URIs
Annex E (normative): Implementation notes for multilingual support
E.1 Multilingual character string
E.2 Multilingual pointer
E.3 Overall requirements
Annex F (informative): TSL Signing considerations
F.1 Signing application maturity
F.2 CMS/ESS and CAdES
F.3 XML
F.4 PDF/A
Annex G (informative): Management and Policy considerations
G.1 Change of scheme administrative information
G.2 Trust-service identification
G.3 Change of trust-service status
G.4 Amendment response times
G.5 On-going verification of authenticity
G.6 Upon a scheme's cessation of operations
G.7 User reference to TSL
G.8 Reliance upon hard-copy TSL information
G.9 TSL size
Annex H (informative): Locating and Authenticating a TSL
H.1 Introduction
H.2 Locating a TSL
H.2.1 TSL location models
H.2.1.1 Bound information
H.2.1.2 Linked information
H.2.1.3 De-coupled information
H.2.2 Searching for a TSL
H.2.2.1 Same-scheme searching
H.2.2.2 Known scheme searching
H.2.2.3 "Blind" (unknown) scheme searching
H.2.2.3.1 Structure of the HTML-Page
H.2.2.3.2 Example
H.3 Authenticating a TSL
H.4 Trusting a TSL
H.5 Replicating TSLs
H.6 Security issues
H.7 Implications for authentication of Trust Service Tokens
Annex I (informative): General TSL usage
I.1 Introduction
I.2 Generic TSL usage
I.2.1 Trusted Lists
I.2.2 Trust service status as legal evidence
I.2.3 Checking for anomalous status before accepting a credential
I.2.4 Cross-certification status confirmation
I.3 TSLs used to list other schemes
I.3.1 Hierarchical relationships
I.3.2 A collection of TSLs
I.3.3 Schemes applying common rules
I.3.4 Schemes trusted by a vendor community
I.3.5 Industrial trading consortium
Annex J (informative): TSL manual/auto field usage
Annex K: Void
Annex L (normative): URIs and extensions used for the EU Member States' national Trusted List of supervised/accredited Certification Service Providers
L.1 Introduction
L.2 eSig Directive URIs
L.3 eSig Directive Extensions
L.3.1 Qualifications Extension
L.3.1.1 QualificationElement
L.3.1.2 CriteriaList
L.3.1.2.1 KeyUsage
L.3.1.2.2 PolicySet
L.3.1.2.3 OtherCriteria
L.3.1.3 Qualifier
L.3.2 TakenOverBy Extension
Annex M (informative): Changes since the last major version
M.1 Changes from v2.1.1 to v3.1.1
M.2 Changes from v3.1.1 to v3.1.2
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI).

Acknowledgement

The building blocks of the Localization, Access and Authentication Mechanisms described in this Technical Specification were submitted by UNINFO, the Italian standardization body for ICT, federated to UNI, Italian member body of CEN and ISO.

Members of the team working on the CROBIES study (Cross-Border Interoperability of eSignature) provided valuable input for version 3.1.1.

Introduction

The purpose of a Trust-service Status List (TSL), and hence of the present document, is to provide a harmonized way in which assessment schemes having an oversight role with regards to trust ser