The present document specifies policy requirements relating to Certification Authorities (CAs) issuing qualifiedcertificates (termed certification-service-providers issuing qualified certificates in the Directive [1]). It defines policyrequirements on the operation and management practices of certification authorities issuing qualified certificates suchthat subscribers, subjects certified by the CA and relying parties may have confidence in the applicability of thecertificate in support of electronic signatures.
The policy requirements are defined in terms of:
a) the specification of two closely related qualified certificate policies for qualified certificates issued to thepublic, one requiring the use of a secure-signature-creation device;
b) a framework for the definition of other qualified certificate policies enhancing the above policies or forqualified certificates issued to non-public user groups.
The policy requirements relating to the CA include requirements on the provision of services for registration, certificategeneration, certificate dissemination, revocation management, revocation status and, if required,signature-creation device provision. Other certification-service-provider functions such as time-stamping, attributecertificates and confidentiality support are outside the scope of the present document. In addition, the present documentdoes not address requirements for certification authority certificates, including certificate hierarchies andcross-certification. The policy requirements are limited to requirements for the certification of keys used for electronicsignatures.
These policy requirements are specifically aimed at qualified certificates issued to the public, and used in support ofqualified electronic signatures (i.e. electronic signatures that are legally equivalent to hand-written signatures in linewith article 5.1 of the European Directive on a community framework for electronic signatures [1]). It specificallyaddresses the requirements for CAs issuing qualified certificates in accordance with annexes I and II of thisDirective [1]. Requirements for the use of secure-signature-creation devices as specified in annex III, which is also arequirement for electronic signatures in line with article 5.1, is an optional element of the policy requirements specifiedin the present document.
Certificates issued under these policy requirements may be used to authenticate a person who acts on his own behalf oron behalf of the natural person, legal person or entity he represents.
These policy requirements are based around the use of public key cryptography to support electronic signatures.
The present document may be used by competent independent bodies as the basis for confirming that a CA meets therequirements for issuing qualified certificates.
It is recommended that subscribers and relying parties consult the certification practice statement of the issuing CA toobtain further details of precisely how a given certificate policy is implemented by the particular CA.
The present document does not specify how the requirements identified may be assessed by an independent party,including requirements for information to be made available to such independent assessors, or requirements on suchassessors.
NOTE: See CEN Workshop Agreement 14172 “EESSI Conformity Assessment Guidance”.
- Edition:
- 1.4.3
- Published:
- 05/01/2007
- Number of Pages:
- 51
- File Size:
- 1 file , 270 KB
- Note:
- This product is unavailable in Russia, Ukraine, Belarus
Reviews
There are no reviews yet.