Summary of ETSIESI activities Andrea Caccia ETSIESI TB

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author

ETSI - European Telecommunications Standards Institute Ø produce globally applicable standards for Information & Communications Technologies Ø is recognised as an official European Standards Organisation by the European Union Ø international reputation is built on openness, discussion, consensus and direct input from members Ø Agreements with External Bodies • CAB (Certification Authority/Browser) Forum: Letter of Intent • ENISA (European Network and Information Security Agency): Memorandum of • • 2 Understanding ISO: Liaison Category A with ISO TC 154 (Processes, data elements and documents in commerce, industry and administration), Liaison Category D with ISO TC 171/SC 2/WG 8 (PDF specification) ISOC/IETF: Active working relationships OASIS: Memorandum of Understanding UPU (Universal Postal Union): Memorandum of Understanding

ETSI Electronic Signatures and Infrastructures (ESI) TC Ø TC ESI is responsible for Electronic Signatures and Infrastructures standardization within ETSI Ø ETSI/ESI plays a key role in the development of electronic signature related standards: • Signature formats: XAd. ES (TS 101 903) ->ISO, CAd. ES (TS 101 733) ->ISO, PAd. ES (TS 102 778) ->ISO and ASi. C (TS 102 918) and related profiles Trust Service Provider (TSP) Status Information (TSL, TS 102 231) Policy requirements for CAs: TS 102 042, TS 101 456 (Qual. Cert. ) TSA policy requirements: TS 102 023 Certificate profiles: TS 101 862 (Qual. Cert. ), TS 102 280 (Nat. Persons) Registered Electronic Mail (e. Delivery): TS 102 640 (multipart) Data preservation: TS 101 533 -1, TR 101 533 -2 Algo paper: TS 102 176 • • Ø Collaborates with ETSI CTI, Centre for Testing and Interoperability for Plugtests events 3

M 460 European Commission mandate Ø EC founded e. Signatures standardization activities Ø 4 years: 2011 -2014 Ø 1 st phase (executed) Ø definition of a rationalized standardization framework, in collaboration with CEN Ø several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications Ø 2 nd phase (starting by end 2012) Ø implement the rationalized standardization framework Ø support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval by end 2013) 4

Details on M 460 phase 1 Ø Rationalised Framework definition (STF 425) • Inventory of e. Signature Standards (worldwide) • Rationalised Framework Definition • Gap Analysis & Work Plan Ø Quick Fixes • STF 427 (CSP Conformity Assessment, QC profile, Sig. Validation Procedures, Sig. algorithms maintenance) • STF 426 (X/C/PAd. ES & ASi. C baseline profiles) • STF 428 (XAd. ES conformance testing, PAd. ES & ASi. C interoperability tests) • CEN (Update CWA 14169 & CWA 14167 towards EN’s) Ø Stakeholders Workshop 5

M 460 Phase 2: the new standardization framework CEN 6

ETSI REM TS 102 640 overview Ø Registered Electronic Mail: ØSecure Electronic Mail service Øable to generate trusted electronic evidence attesting that certain relevant events (submission by sender, delivery to the recipient, right fowarding, etc) have actually occurred. Ø Added value: Electronic evidences, which, when supported by legislation, have also legal value Ø Technical Specification for achieving interoperability on evidential services based on S/MIME on SMTP and services built on SOAP on HTTP (UPU Postal Registered Electronic Mail, BUSDOX networks)

Electronic Evidence Ø Sender and REM Management Domain related events: original message acceptance/rejection, object relay acceptance/rejection, etc. Ø Recipient related events: delivery/non delivery to recipient, download/non download by recipient, etc. Ø Interaction with non REM systems. Ø Specified evidence core components. Syntaxes: XML, ASN. 1 and PDF. Ø May be individually signed (each one in its own format) or/and collectively signed through a S/MIME signature. Specified signature profile.

References Ø General information: • http: //portal. etsi. org/esi_activities. asp Ø Stakeholders involvement • http: //www. e-signatures-standards. eu • Mailing list 9