ETSI - EN 319 411-2
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Policy requirements for certification authorities issuing qualified certificates
Organization: | ETSI |
Publication Date: | 1 April 2012 |
Status: | inactive |
Page Count: | 42 |
scope:
The present document specifies policy requirements relating to Certification Authorities (CAs) issuing qualified certificates (termed certification service providers issuing qualified certificates in the Directive 1999/93/EC [i.1]). It defines policy requirements on the operation and management practices of certification authorities issuing qualified certificates such that subscribers, subjects certified by the CA and relying parties may have confidence in the applicability of the certificate in support of electronic signatures.
The policy requirements are defined in terms of:
a) the specification of two closely related qualified
certificate policies for qualified certificates issued to the
public, one requiring the use of a secure-signature-cre
b) a framework for the definition of other qualified certificate policies enhancing the above policies or for qualified certificates issued to non-public user groups.
The specific policy requirements relating to the CA include
requirements on the provision of services for registration,
certificate generation, certificate dissemination, revocation
management, revocation status and, if required, signature-creation
device provision. Other certification service provider functions
such as time-stamping, attribute certificates and confidentiality
support are outside the scope of the present document. In addition,
the present document does not address requirements for
certification authority certificates, including certificate
hierarchies and cross-certification.
These policy requirements are specifically aimed at qualified certificates issued to the public, and used in support of qualified electronic signatures (i.e. electronic signatures that are legally equivalent to hand-written signatures in line with article 5.1 of the Directive 1999/93/EC [i.1]). It specifically addresses the requirements for CAs issuing qualified certificates in accordance with annexes I and II of the Directive 1999/93/EC [i.1]. Requirements for the use of securesignature- creation devices as specified in annex III, which is also a requirement for electronic signatures in line with article 5.1, is an optional element of the policy requirements specified in the present document.
Certificates issued under these policy requirements may be used to authenticate a person who acts on his own behalf or on behalf of the natural person, legal person or entity he represents.
These policy requirements are based around the use of public key cryptography to support electronic signatures.
The present document may be used by competent independent bodies as the basis for confirming that a CA meets the requirements for issuing qualified certificates.
It is recommended that subscribers and relying parties consult the certification practice statement of the issuing CA to obtain further details of precisely how a given certificate policy is implemented by the particular CA.
The present document does not specify how the requirements identified may be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors.
NOTE: See TS 119 403 "Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - General requirements and guidance" [i.2].
The present document references EN 319 401 [20] for generic policy requirements common to all classes of TSP service.
Document History















