1、 ETSI TS 102 640-2 V2.2.1 (2011-09) Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 2: Data requirements, Formats and Signatures for REM Technical Specification ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)2Reference RTS/ESI-000071-2 Keywords e-commerce, electronic
2、signature, email, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Indi
3、vidual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Docume
4、nt Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the cu
5、rrent status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reprod
6、uced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit
7、 of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)3Contents Intellectual Property Rights 7
8、g3Foreword . 7g3Introduction 7g31 Scope 8g32 References 8g32.1 Normative references . 9g32.2 Informative references 10g33 Definitions and abbreviations . 10g33.1 Definitions 10g33.2 Abbreviations . 11g34 REM-MD Envelope Structure Implementation 11g34.1 REM-MD Message/REM Dispatch Headers constraints
9、 13g34.2 REM-MD Message/REM Dispatch Data Headers Constraints 14g34.3 REM-MD Signature Headers Constraints 14g34.4 REM-MD Introduction Headers Constraints 14g34.4.1 Multipart/alternative: Free text subsection Header constraints . 14g34.4.2 Multipart/alternative: Html subsection Header constraints .
10、15g34.5 Original Message MIME Section Headers Constraints 15g34.6 REM-MD Extensions MIME Section Headers Constraints . 15g34.7 REM-MD Evidence MIME Section Headers Constraints 15g34.7.1 ASN.1 Format . 15g34.7.2 XML Format. 16g34.7.3 PDF Format 16g35 REM-MD Evidence Content and Semantics 16g35.1 REM-
11、MD Evidence 16g35.1.1 SubmissionAcceptanceRejection 18g35.1.2 RelayToREMMDAcceptanceRejection 19g35.1.3 RelayToREMMDFailure 20g35.1.4 DeliveryNonDeliveryToRecipient 21g35.1.5 DownloadNonDownloadByRecipient 22g35.1.6 RetrievalNonRetrievalByRecipient 23g35.1.7 AcceptanceRejectionByRecipient . 24g35.1.
12、8 RelayToNonREMSystem . 25g35.1.9 ReceivedFromNonREMSystem 26g35.2 REM-MD Evidence Components . 26g35.2.1 REM-MD Evidence Components Template . 26g35.2.2 Components description . 27g35.2.2.1 Core Components 27g35.2.2.1.1 G00 - REM-MD Evidence Identifier . 27g35.2.2.1.2 G01 - REM-MD Evidence Type . 2
13、7g35.2.2.1.3 G02 - REM Event 28g35.2.2.1.4 G03 - Reason code . 28g35.2.2.1.5 G04 - REM-MD Evidence Version . 28g35.2.2.1.6 G05 - Event Time 28g35.2.2.1.7 G06 - Transaction log information 28g35.2.2.2 REM-MD Components . 29g35.2.2.2.1 R01 - Evidence issuer Policy Identifier . 29g35.2.2.2.2 R02 - Evid
14、ence Issuer Details . 29g35.2.2.2.3 R03 - Signature by issuing REM-MD . 29g35.2.2.3 Identity Components . 30g35.2.2.3.1 I00 - Senders details 30g35.2.2.3.2 I01 - Recipients details . 31g35.2.2.3.3 I02 - Recipients delegate details . 31g3ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)45.2.2.3.4 I03 - Recipie
15、nt referred to by the Evidence . 31g35.2.2.3.5 I04 - Sender Authentication details . 32g35.2.2.3.6 I05 - Recipient Authentication details . 32g35.2.2.4 Messaging Components 33g35.2.2.4.1 M00 - REM-MD Message/REM Dispatch details . 33g35.2.2.4.2 M01 - Reply-to 33g35.2.2.4.3 M02 - Notification Message
16、 Tag . 33g35.2.2.4.4 M03 - Message Submission Time . 33g35.2.2.4.5 M04 - Forwarded to external system . 33g35.2.3 REM-MD Evidence Components formats and values 34g35.2.3.1 Free text 34g35.2.3.2 Events 34g35.2.3.3 Reasons . 34g35.2.3.3.1 Reasons related to Senders Submission 34g35.2.3.3.2 Reasons rel
17、ated to the Relay to the recipients REM-MD . 35g35.2.3.3.3 Delivery/download related reasons 35g35.2.3.3.4 Retrieval reasons . 35g35.2.3.3.5 Reasons related to forwarding REM Message to a non REM external system . 36g36 REM Signatures . 36g36.1 Electronic signatures within REM-MD Messages/REM Dispat
18、ches . 36g36.2 Common Requirements on Signatures . 37g36.3 Requirements on Signatures Applied to REM-MD Evidence 37g36.3.1 XML Signatures 37g36.3.2 ASN.1 Signatures . 37g36.3.3 PDF Signatures . 38g36.4 Electronic signatures on REM-Message . 38g37 Profiling for REM Service information in Trusted-Serv
19、ice Status List . 38g3Annex A (normative): REM-MD Evidence Implementation in ASN.1 . 39g3A.1 REM-MD Evidence Structure 39g3A.1.1 Field eventCode . 40g3A.1.2 Field eventReasons . 41g3A.1.3 Field evidenceIssuerPolicyID . 41g3A.1.4 Field evidenceIdentifier 41g3A.1.5 Field evidenceIssuerDetails 41g3A.1.
20、6 Field senderAuthenticationDetails . 42g3A.1.7 Field recipientAuthenticationDetails 43g3A.1.8 Field eventTime 43g3A.1.9 Field submissionTime 43g3A.1.10 Field replyTo 43g3A.1.11 Field senderDetails . 43g3A.1.12 Field recipientsDetails 43g3A.1.13 Field recipientsDelegatesDetails 44g3A.1.14 Field evid
21、enceRefersToRecipient 44g3A.1.15 Fields senderMessageDetails and notificationMessageDetails 44g3A.1.15.1 Field senderMessageDetails . 44g3A.1.15.2 Field notificationMessageDetails . 45g3A.1.16 Field forwardedToExternalSystem . 45g3A.1.17 Field transactionLogInformation 45g3A.1.18 Field extensions 46
22、g3A.2 REM-MD Evidence 46g3A.2.1 Evidence submissionAcceptanceRejection 47g3A.2.2 Evidence RelayREMMDAcceptanceRejection 48g3A.2.3 Evidence RelayREMMDFailure 49g3A.2.4 Evidence DeliveryNonDeliveryToRecipient 49g3A.2.5 Evidence DownLoadNonDownloadByRecipient . 51g3A.2.6 Evidence RetrievalNonRetrievalB
23、yRecipient 52g3A.2.7 Evidence AcceptanceRejectionByRecipient 53g3A.2.8 Evidence RelayToNonREMSystem . 54g3ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)5A.2.9 Evidence ReceivedFromNonREMSystem . 55g3Annex B (normative): REM-MD Evidence Implementation in xml 56g3B.1 REM-MD Evidence Structure 56g3B.1.1 Eleme
24、nt 57g3B.1.2 Element . 57g3B.1.3 Element 58g3B.1.4 Element . 58g3B.1.5 Element 58g3B.1.5.1 Element . 58g3B.1.5.2 Element 59g3B.1.6 Element 60g3B.1.7 Element 61g3B.1.8 Element 61g3B.1.9 Element . 61g3B.1.10 Element 62g3B.1.11 Element . 62g3B.1.12 Element 62g3B.1.13 Element 62g3B.1.14 Element 63g3B.1.
25、15 Elements and 63g3B.1.15.1 Element . 63g3B.1.15.2 Element . 64g3B.1.16 Element . 64g3B.1.17 Element 64g3B.1.18 Element 65g3B.1.19 Element . 65g3B.2 REM-MD Evidence 65g3B.2.1 Evidence . 66g3B.2.2 Evidence 67g3B.2.3 Evidence 68g3B.2.4 Evidence . 69g3B.2.5 Evidence 70g3B.2.6 Evidence 72g3B.2.7 Eviden
26、ce 73g3B.2.8 Evidence . 74g3B.2.9 Evidence . 75g3Annex C (normative): REM-MD Evidence Implementation in PDF 76g3Annex D (normative): SAML token profiling . 77g3D.1 Element . 77g3D.2 Element 77g3D.3 Element 77g3D.3.1 Element . 77g3D.3.2 Element 77g3D.3.2.1 Element . 78g3D.4 Element . 78g3D.4.1 Elemen
27、t . 78g3D.5 Element . 78g3D.5.1 Element . 78g3Annex E (normative): Event reason identifiers and codes . 80g3Annex F (normative): ASN.1 module for Evidence encoded in ASN.1 . 81g3Annex G (normative): XML Schema for Evidence encoded in XML 84g3ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)6Annex H (informati
28、ve): Bibliography . 88g3History 89g3ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)7Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members
29、and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org)
30、. Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the prese
31、nt document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 2 of a multi-part deliverable. Full details of the entire series can be found in part 1 i.2. Introduction Business and a
32、dministrative relationships among companies, public administrations and private citizens, are more and more implemented electronically. Trust is becoming essential for their success and continued development of electronic services. It is therefore important that any entity using electronic services
33、has suitable security controls and mechanisms in place to protect their transactions and to ensure trust and confidence with their partners. Electronic mail is a major tool for electronic business and administration. Additional security services are necessary for e-mail to be trusted. At the time of
34、 writing the present document, in some European Union Member States (Italy, Belgium, etc.) regulation(s) and application(s) are being developed, if not already in place, on mails transmitted by electronic means providing origin authentication and proof of delivery. A range of Registered E-Mail (REM)
35、 services is already established and their number is set to grow significantly over the next few years. Without the definition of common standards there will be no consistency in the services provided, making it difficult for users to compare them. Under these circumstances, users might be prevented
36、 from easily changing to alternative providers, damaging free competition. Lack of standardization might also affect interoperability between REM based systems implemented based on different models. The present document is to ensure a consistent form of service across Europe, especially with regard
37、to the form of evidence provided, in order to maximize interoperability even between e-mail domains governed by different policy rules. In order to move towards the general recognition and readability of evidence provided by registered e-mail services, it is necessary to specify technical formats, a
38、s well as procedures and practices for handling REM, and the ways the electronic signatures are applied to it. In this respect, the electronic signature is an important security component to protect the information and to provide trust in electronic business. It is to be noted that a simple “electro
39、nic signature“ would be insufficient to provide the required trust to an information exchange. Therefore the present doccument assumes the usage of at least an Advanced Electronic Signature, with the meaning of article 2(2) of EU Directive 1999/93/EC 1 issued with a Secure Signature Creation Device,
40、 with the meaning of article 2(6) of the same Directive. The summarised scope of each part and sub-part can be found in part 1 i.2 of this multi-part deliverable. ETSI ETSI TS 102 640-2 V2.2.1 (2011-09)81 Scope The basic purpose of a Registered E-Mail service is to provide users, in addition to the
41、usual services supplied by the ordinary e-mail service providers, with a set of evidence suitable to uphold assertions of acceptance (i.e. of “shipment“), of delivery/non delivery, of receipt, etc. of e-mails sent/delivered through such service. The present document provides: a) Rules for building a
42、 REM-MD Envelope and, consequently, a REM Dispatch or a REM-MD Message. b) Syntax and semantics of REM-MD Evidence to be produced by a REM Management Domain. c) Rules on the signature to be used within REM-MD Envelopes. REM-MD Evidence formats are deemed to comply with legal, regulatory or contractu
43、al requirements to provide legal validity and enforceability under domestic or international law. The structure of the present document is as follows: Clause 2 contains the list of normative and informative references. Clause 3 includes definitions of the relevant concepts to the present document an
44、d abbreviations. Clause 4 contains the generic REM-MD Envelope structure. Clause 5 contains the definition of REM-MD Evidence produced by REM-MDs, in terms of content and semantics. Specific syntaxes are addressed by annexes. Clause 6 deals with digital signatures to be applied by REM-MD for buildin
45、g REM-MD Envelopes. Clause 7 provides a profiling of the service information for listing within a TSL. Annex A provides ASN.1 syntax for REM-MD Evidence. Annex B provides xml syntax for REM-MD Evidence. Annex C provides PDF syntax for REM-MD Evidence. Annex D provides a profiling for the SAML assert
46、ion to be used in REM-MD Evidence. Annex E specifies identifiers and codes for reporting events reasons in REM-MD Evidence. Annex F provides the ASN.1 definition for REM-MD Evidence encoded in ASN.1. Annex G provides the XML schema for REM-MD Evidence encoded in XML. Annex H provides a bibliography.
47、 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) appl
48、ies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. ETSI ETSI TS 10
49、2 640-2 V2.2.1 (2011-09)92.1 Normative references The following referenced documents are necessary for the application of the present document. 1 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 2 IETF RFC 3852: “Cryptographic Message Syntax (CMS)“. 3 ETSI TS 101 733: “Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)“. 4 ETSI TS 101 903: “Electronic Signatures and Infrastructure
