ESI Activity Report 2017
Chairman: Riccardo Genghini, eWitness SA
Responsible for the standardization of electronic signatures and related trust infrastructures
TC ESI maintains standards and specifications published in response to European Commission (EC) Mandate M/460 on Electronic Signature Standardization.
During 2017 the committee started maintenance of deliverables published in response to mandate M/460. The European Standard (EN) providing statements for qualified certificates was re-published. The EN on general security and policy requirements for trust service providers (TSP) as well as the two ENs on security and policy requirements for trust service providers issuing (qualified) certificates have been reviewed to consider feedback from implementations and auditors, latest specifications from the CA/Browser Forum and also cover additional features requested by the eIDAS Regulation.
In support of this work, TC ESI organized a workshop on 13 June 2017, during the ETSI Security Week. The event reviewed the state of play one year after the entry in application of the eIDAS Regulation. The workshop gathered feedback from market stakeholders on the implementation of eIDAS, and more specifically on their use of standards to comply with the regulation (http://www.etsi.org/etsi-security-week-2017/eidas).
We published a study on long term data preservation services, including preservation of/with digital signatures. Building on this study, we began new standardization activities including the definition of policy and security requirements and of protocols for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques.
We published enhancements to the CAdES signature format to support the Evidence Record (ERS and XMLERS) and an update of its TS on cryptographic suites. For this latter, it considered inputs from the European Network and Information Security Agency (ENISA) and built on the agreed cryptographic mechanisms from SOG-IS (Senior Officials Group – Information Systems Security).
The ETSI Specialist Task Force (STF 523) – set up in October 2016 – made major progress in the elaboration of ENs on Electronic Registered Delivery Services (ERDS) and Registered EMail (REM) services. The work defines policy and security requirements fitting within the European Union (EU) scheme for the supervision of eDelivery services, as well as specifies the technical architecture, semantic contents, formats and protocol bindings. A workshop (http://www.etsi.org/etsi-security-week-2017/edelivery), held on 14 June 2017 during the ETSI Security Week, addressed the following points: the fundamentals of the ongoing work was presented; a status was made on the other standardization initiatives and how they complement ETSI work; input was gathered from ERDS and REM providers on their requirements in terms of standardization; finally the STF discussed with Conformity Assessment Bodies and National Supervisors the policy and security requirements fitting within the EU scheme for supervision of eDelivery services. At the end of October the stable drafts were made publicly available to gather feedback from external stakeholders. Work continues in 2018 and be completed early in 2019.
A second STF (524) – set up in November 2016 – continued developing three specifications related to signature validation reports and TSPs providing AdES digital signature validation services. Stable drafts were made publicly available on November 30th to gather feedback from external stakeholders. Work will be completed in August 2018.
A third STF (539) was set up on remote signature creation services. This STF will create new technical specifications covering both the policy requirements for trust service providers providing remote signature creation modules as well as the protocols for creating digital signatures remotely.