ETSI - TR 119 411-5
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 5: Guidelines for the coexistence of web browser and EU trust controls
| Organization: | ETSI |
| Publication Date: | 1 January 2023 |
| Status: | active |
| Page Count: | 11 |
scope:
The present document provides guidance on how a single TLS certificate can support both Browser Vendor controls and EU trust controls for website authentication, commonly referred to as "server authentication".
In particular, the present document provides guidance on the issuance and verification of website authentication certificates which:
a) Are based on trust controls defined in existing ETSI standards and CA/Browser Forum specifications as referenced in the present document.
b) Include requirements of qualified certificates for website authentication as specified in Regulation (EU) No 910/2014 [i.4].
c) Include requirements of web browsers for certificates based on CA/Browser Forum Requirements [i.5] and [i.6].
d) Ensure that the identity data contained in qualified certificates for website authentication per Regulation (EU) No 910/2014 [i.4] is displayed in a user-friendly manner.
e) Authenticate the website bound to secure communications using encryption from the browser client to a server.
The present document only applies to website authentication certificates which:
a) are qualified according to Regulation (EU) No 910/2014 [i.4] and can validate to an entry included in the EU Trusted List; and
b) are issued by QTSPs whose certificates are either directly included in or validate to an entry in browser root stores.
The present document is based on a single X.509 certificate which is handled in line with both Browser Vendor objectives and Regulation (EU) No 910/2014 [i.4] requirements; alternative approaches may be added in future versions of the present document.
Document History
