ESI Activity Report 2018-2019
Chairman: Riccardo Genghini, eWitness SA
Responsible for the standardisation of electronic signatures and related trust infrastructures.
During 2018 our Electronic Signatures and Infrastructures committee (TC ESI) published a revision of the EN on general security and policy requirements for trust service providers (TSP). Two ENs on security and policy requirements for trust service providers issuing (qualified) certificates were also published, taking into account feedback from implementations and auditors, latest specifications from the CA/Browser Forum and also covering additional features requested by the eIDAS Regulation. The checklist supporting the audit of TSP was extracted and moved to a separate TR.
The committee published a new specification TS 119 403-2, defining requirements for Conformity Assessment Bodies auditing TSPs against CA/Browser Forum requirements. This technical specification complements EN 319 403 (Conformity Assessment Body requirements).
We published an update of the TS on cryptographic suites to align with the latest recommendations from SOG-IS (Senior Officials Group – Information Systems Security).
Our ETSI Specialist Task Force (STF 523) neared completion of its work on the elaboration of ENs on Electronic Registered Delivery Services (ERDS) and Registered EMail (REM) services. The work on policy and security requirements fitting within the EU scheme for the supervision of eDelivery services reached completion with the resolution of the public enquiry comments and approval by the committee of the resulting final drafts; publication is due in early 2019. All the ENs defining the technical architecture, semantic contents, formats and protocol bindings were approved by ETSI’s NSOs and were published. In the course of its work, the STF maintained collaboration with other entities such as the European Commission / CEF (Connecting Europe Facility), CEN TC 331 WG2 on postal services and the UPU.
A second STF (STF 524) continued development of three specifications related to signature validation reports and TSPs providing AdES digital signature validation services. The STF held a workshop in January 2018, during which attendees discussed about standardization for eSignature/eSeal Validation services provided by Trust Service Providers, addressing conformity assessment, protocols and validation report. The STF presented the key aspects of each deliverable. Inputs were received from service providers, conformity assessment bodies and supervisory authorities. The technical specifications on the signature validation report and on the policy requirements for TSP providing signature validation services could then be finalized and were published.
Set up in October 2017, a third STF (STF 539) considers remote signature creation services. A workshop was held on 13 June 2018, as part of the ETSI Security Week 2018, where the STF promoted its work and received inputs from stakeholders. The STF completed the new technical specifications on policy requirements for trust service providers providing remote signature creation modules. The deliverable defining the protocols for creating digital signatures remotely is due in early 2019.
The committee published a brand-new TS defining Qualified Certificate Profiles and TSP Policy Requirements for Payment Services under the payment services Directive 2015/2366/EU (called PSD2). Following its first publication and the workshop held in March 2018, TC ESI and EBA (European Banking Authority) had discussions to ensure the ETSI specification fits PSD2 needs. As a result, an update of the TS was published in November 2018.
Following on the study on long term data preservation services, we progressed on new standardisation activities including the definition of policy and security requirements and of protocols for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques.
In 2018, TC ESI initiated new work on the specification of machine-processable signature policy formats and on the internationalization of TSP work. The objective for the latter is to facilitate the global recognition and trust of EU PKI Trust Services, supporting the eIDAS Regulation based on EU standards, thus enabling EU Trust services to operate not only within the internal European market, but also within the global market for trustworthy online services supporting PKI services for trust services such as web site authentication, electronic signatures and seals, code signing, secure email
LOOK OUT FOR IN 2019 – TC ESI WORK IN PROGRESS:
- Revision to EN on Certificate Profiles
- Revision to EN on requirements for bodies assessing Trust Service Providers
- Revision to EN on Associated Signature Containers (ASiC)
- Revision to EN on Procedures for Creation and Validation of AdES signatures
- Revision to Technical Specification (TS) on Trusted Lists
- TS on Signature Policies
- Revision to Technical Report (TR) on framework for signatures standardization
- TR on Global Acceptance of EU Trust Services
- TS on requirements for long-term preservation of signatures or unsigned data
- TS on use of information within a trusted list
- TS on incorporation of ERS mechanisms in XAdES
- TS on schema for machine-readable cryptographic algorithm catalogues
- TS on JAdES digital signatures
- TS on policy and security requirements for AdES digital signature augmentation
- TS on policy and security requirements for trust service components providing identity proofing of trust service subjects