|
1.
|
Clear description of the referenced document:
|
|
|
|
Name:
|
ETSI TS 102 042 V2.1.1 (2009-05)
|
|
Title:
|
Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates
|
|
|
2.
|
Status of approval:
|
|
|
The referenced integrated version of the ETSI TS 102 042 standard was approved in 2009.
|
|
3.
|
Justification for the specific reference:
|
|
|
required by CA/Browser Forum
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
Some information may be available in the ETSI IPR archives at (http://webapp.etsi.org/IPR/home.asp).
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
widely recognized within Europe as the definitive CA requirements specification
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
widely recognized within Europe as the definitive CA requirements specification. Minor modifications are reflected in one subsequent revision
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
The referenced standard has completed the rigorous and comprehensive review and approval process of the ETSI. See history
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[1] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the/
protection of individuals with regard to the processing of personal data and on the free movement/
of such data./
[2] FIPS PUB 140-1: "Security Requirements for Cryptographic Modules"./
[3] FIPS PUB 140-2 (2001): "Security Requirements for Cryptographic Modules"./
[4] ISO/IEC 15408 (parts 1 to 3): "Information technology - Security techniques - Evaluation criteria/
for IT security"./
[5] CEN Workshop Agreement 14167-1: "Security Requirements for Trustworthy Systems Managing/
Certificates for Electronic Signatures - Part 1: System Security Requirements"./
[6] CEN Workshop Agreement 14167-2 (2004): "Security Requirements for Trustworthy Systems/
Managing Certificates for Electronic Signatures - Part 2: Cryptographic Module for CSP signing/
operations with backup - Protection profile (CMCSOB-PP)"./
ETSI/
9 ETSI TS 102 042 V2.1.2 (2010-04)/
[7] CEN Workshop Agreement 14167-3 (2004): "Security Requirements for Trustworthy Systems/
Managing Certificates for Electronic Signatures - Part 3: Cryptographic module for CSP key/
generation services - Protection profile (CMCKG-PP)"./
[8] CEN Workshop Agreement 14167-4 (2004): "Security Requirements for Trustworthy Systems/
Managing Certificates for Electronic Signatures - Part 4: Cryptographic module for CSP signing/
operations - Protection profile - CMCSO PP"./
[9] ISO/IEC 9594-8/ITU-T Recommendation X.509: "Information technology - Open Systems/
Interconnection - The Directory: Public-key and attribute certificate frameworks"./
[10] Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts./
[11] ISO/IEC 27002 (2005): "Information technology - Security techniques - Code of practice for/
information security management"./
NOTE: ISO/IEC 17799 (2005) was re-numbered as ISO/IEC 27002 on 2007-07-01./
[12] IETF RFC 3647: "Internet X.509 Public Key Infrastructure - Certificate Policy and Certification/
Practices Framework"./
NOTE: Obsoletes IETF RFC 2527 [i.3]./
[13] ETSI TS 102 158: "Electronic Signatures and Infrastructures (ESI); Policy requirements for/
Certification Service Providers issuing attribute certificates usable with Qualified certificates"./
[14] ETSI TS 102 176-1: "Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters/
for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms"./
[15] ETSI TS 101 456: "Electronic Signatures and Infrastructures (ESI); Policy requirements for/
certification authorities issuing qualified certificates"./
[16] Guidelines for The Issuance and Management of Extended Validation Certificates, CA Browser/
Forum, 1 October 2009, Version 1.2./
[17] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation/
List (CRL) Profile"./
[18] IETF RFC 2119: "Key words for use in RFCs to Indicate Requirement Levels"./
[19] ISO/IEC 17021: "Conformity assessment - Requirements for bodies providing audit and/
certification of management systems"./
2.2 Informative references/
The following referenced documents are not essential to the use of the present document but they assist the user with/
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including/
any amendments) applies./
[i.1] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a/
Community framework for electronic signatures./
[i.2] CEN Workshop Agreement 14172-2: "EESSI Conformity Assessment Guidance -/
Part 2: Certification Authority services and processes"./
[i.3] IETF RFC 2527: "Internet X.509 Public Key Infrastructure - Certificate Policy and Certification/
Practices Framework".
|
|
9.
|
Qualification of
ETSI:
|
|
|
ETSI is recognized under the provisions of ITU-T Recommendations A.5 and A.6. Qualifying information is on file at TSB.
|
|
10.
|
Other (for any supplementary information):
|
|
|
None.
|
