M/460 -
General Information
The present document specifies generally applicable policy and security requirements for Trust Service Providers
(TSPs) issuing public key certificates, including trusted web site certificates.
The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle
management of certificates. These policy and security requirements support several reference certificate policies,
defined in clauses 4 and 5.
A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where
particular requirements apply is defined in clause 7.
The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as
specified in the present document. It does not include requirements for root CAs and intermediate CAs for other
purposes.
The present document is applicable to:
• the general requirements of certification in support of cryptographic mechanisms, including digital signatures
for electronic signatures and seals;
• the general requirements of certification authorities issuing TLS/SSL certificates;
• the general requirements of the use of cryptography for authentication and encryption.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 401 [8] for general policy requirements common to all classes of
TSP's services.
The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]
and BRG [5].
- Standard56 pagesEnglish languagesale 15% off
- Standard56 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard56 pagesEnglish languagesale 15% off
- Draft56 pagesEnglish languagesale 10% offe-Library read for1 day
The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are
independent of the type of TSP. It defines policy requirements on the operation and management practices of TSPs.
Other specifications refine and extend these requirements as applicable to particular forms of TSP. The present
document does not specify how the requirements identified can be assessed by an independent party, including
requirements for information to be made available to such independent assessors, or requirements on such assessors.
NOTE: See ETSI EN 319 403 [i.6] for details about requirements for conformity assessment bodies assessing
Trust Service Providers.
- Standard23 pagesEnglish languagesale 15% off
- Standard23 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard23 pagesEnglish languagesale 15% off
- Draft23 pagesEnglish languagesale 10% offe-Library read for1 day
The present document specifies requirements on the content of certificates issued to natural persons. This profile builds
on IETF RFC 5280 [1] for generic profiling of Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3].
This profile supports the requirements of EU Qualified Certificates as specified in the Regulation (EU)
No 910/2014 [i.5] as well as other forms of certificate. The scope of the present document is primary limited to
facilitate interoperable processing and display of certificate information. This profile therefore excludes support for
some certificate information content options, which can be perfectly valid in a local context but which are not regarded
as relevant or suitable for use in widely deployed applications.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
Certain applications or protocols impose specific requirements on certificate content. The present document is based on
the assumption that these requirements are adequately defined by the respective application or protocol. It is therefore
outside the scope of the present document to specify such application or protocol specific certificate content.
- Standard14 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard14 pagesEnglish languagesale 15% off
- Standard14 pagesEnglish languagesale 15% off
The present document provides an overview of the Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3] based certificate profiles and the statements for EU Qualified Certificates specified in other parts of ETSI EN 319 412 ([i.4] to [i.7]). It specifies common data structures that are referenced from other parts of ETSI EN 319 412 ([i.4] to [i.7]).
The profiles specified in this multi-part deliverable aim to support both the Regulation (EU) No 910/2014 [i.9] and use of certificates in a wider international context. Within the European context, it aims to support both EU Qualified Certificates and other forms of certificate.
- Standard15 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard15 pagesEnglish languagesale 15% off
- Standard15 pagesEnglish languagesale 15% off
The present document specifies a certificate profile for certificates issued to legal persons. The profile defined in the
present document builds on requirements defined in ETSI EN 319 412-2 [2].
The present document supports the requirements of EU qualified certificates as specified in the Regulation (EU)
No 910/2014 [i.3] as well as other forms of certificate.
- Standard10 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard10 pagesEnglish languagesale 15% off
- Standard10 pagesEnglish languagesale 15% off
The present document contains requirements for the competence, consistent operation and impartiality of conformity
assessment bodies assessing and certifying the conformity of Trust Service Providers (TSPs) and the trust services they
provide towards defined criteria against which they claim conformance.
NOTE 1: Those requirements are independent of the type and class of trust service provided.
The present document also contains requirements for the conformity assessment of trust services component services,
which later forms part of a separate conformity assessment of a TSP.
NOTE 2: This enables a provider of such component services, which are used as part of the service provided by
several TSPs, to avoid having to be assessed several times, or even for a TSP to provide a service based
just on a component service or collection of components whether or not they are recognized as a trust
service under Regulation (EU) No 910/2014 [i.1].
The present document applies the general requirements of ISO/IEC 17065 [1] to the specific requirements of
conformity assessment of TSPs.
The present document is part 1 of a multi-part deliverable. Other parts include:
• ETSI TS 119 403-2 [i.14]: "Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity
Assessment; Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service
Providers that issue Publicly-Trusted Certificates".
• ETSI TS 119 403-3 [i.15]: "Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity
Assessment; Part 3: Additional requirements for conformity assessment bodies assessing EU qualified trust
service providers".
- Standard29 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard29 pagesEnglish languagesale 15% off
- Standard29 pagesEnglish languagesale 15% off
- Standard29 pagesEnglish languagesale 15% off
The present document defines specific QCStatement for the qcStatements extension as defined in IETF
RFC 3739 [2], clause 3.2.6, including requirements for their use in EU qualified certificates. Some of these
QCStatements can be used for other forms of certificate.
The QCStatements defined in the present document can be used in combination with any certificate profile, either
defined in ETSI EN 319 412-2 [i.2], ETSI EN 319 412-3 [i.5] and ETSI EN 319 412-4 [i.6], or defined elsewhere.
The QCStatements defined in clause 4.3 may be applied to regulatory environments outside the EU. Other
requirements specified in clause 4 are specific to Regulation (EU) No 910/2014 [i.8] but may be adapted for other
regulatory environments.
- Standard19 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard19 pagesEnglish languagesale 15% off
- Standard19 pagesEnglish languagesale 15% off
REN/ESI-0019412-5v231
- Standard19 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard19 pagesEnglish languagesale 15% off
- Standard19 pagesEnglish languagesale 15% off
RTS/ESI-0019412-1v140
- Standard15 pagesEnglish languagesale 15% off
RTS/ESI-0019412-1v131
- Standard13 pagesEnglish languagesale 15% off
DTR/ESI-0019500
- Standard16 pagesEnglish languagesale 15% off
RTS/ESI-0019312v131
- Standard28 pagesEnglish languagesale 15% off
RTS/ESI-0019102-2v121
- Standard71 pagesEnglish languagesale 15% off
RTS/ESI-0019312v122
- Standard27 pagesEnglish languagesale 15% off
Define a structure for a signature validation report.
- Standard71 pagesEnglish languagesale 15% off
RTS/ESI-0019102-1-TSversion
- Standard79 pagesEnglish languagesale 15% off
RTS/ESI-0019412-1v121
- Standard13 pagesEnglish languagesale 15% off
The present document specifies general policy requirements relating to trust service providers (TSPs) that are
independent of the type of TSP. It defines policy requirements on the operation and management practices of TSPs.
Other specifications refine and extend these requirements as applicable to particular forms of TSP. The present
document does not specify how the requirements identified can be assessed by an independent party, including
requirements for information to be made available to such independent assessors, or requirements on such assessors.
NOTE: See ETSI EN 319 403 [i.6]: "Electronic Signatures and Infrastructures (ESI); Requirements for
conformity assessment bodies assessing Trust Service Providers".
- Standard22 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard22 pagesEnglish languagesale 15% off
- Standard22 pagesEnglish languagesale 15% off
- Standard22 pagesEnglish languagesale 15% off
The present document specifies policy and security requirements for the issuance, maintenance and life-cycle
management of EU qualified certificates as defined in Regulation (EU) No 910/2014 [i.1]. These policy and security
requirements support reference certificate policies for the issuance, maintenance and life-cycle management of EU
qualified certificates issued to natural persons (including natural persons associated with a legal person or a website)
and to legal persons (including legal persons associated with a website), respectively.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.6] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 411-1 [2] for general requirements on TSP issuing certificates.
- Standard31 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard31 pagesEnglish languagesale 15% off
- Standard31 pagesEnglish languagesale 15% off
- Standard31 pagesEnglish languagesale 15% off
The present document specifies generally applicable policy and security requirements for Trust Service Providers (TSP)
issuing public key certificates, including trusted web site certificates.
The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle
management of certificates. These policy and security requirements support several reference certificate policies,
defined in clauses 4 and 5.
A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where
particular requirements apply is defined in clause 7.
The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as
specified in the present document. It does not include requirements for root CAs and intermediate CAs for other
purposes.
The present document is applicable to:
• the general requirements of certification in support of cryptographic mechanisms, including digital signatures
for electronic signatures and seals;
• the general requirements of certification authorities issuing TLS/SSL certificates;
• the general requirements of the use of cryptography for authentication and encryption.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 401 [8] for general policy requirements common to all classes of
TSP's services.
The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]
and BRG [5].
- Standard52 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard52 pagesEnglish languagesale 15% off
- Standard52 pagesEnglish languagesale 15% off
- Standard52 pagesEnglish languagesale 15% off
REN/ESI-0019411-1v121
- Standard52 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard52 pagesEnglish languagesale 15% off
- Standard52 pagesEnglish languagesale 15% off
- Standard52 pagesEnglish languagesale 15% off
REN/ESI-0019401v221
- Standard22 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard22 pagesEnglish languagesale 15% off
- Standard22 pagesEnglish languagesale 15% off
- Standard22 pagesEnglish languagesale 15% off
REN/ESI-0019411-2v221
- Standard31 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard31 pagesEnglish languagesale 15% off
- Standard31 pagesEnglish languagesale 15% off
- Standard31 pagesEnglish languagesale 15% off
The present document defines specific QCStatement for the qcStatements extension as defined in IETF
RFC 3739 [2], clause 3.2.6, including requirements for their use in EU qualified certificates. Some of these
QCStatements can be used for other forms of certificate.
The QCStatements defined in the present document can be used in combination with any certificate profile, either
defined in ETSI EN 319 412-2 [i.2], ETSI EN 319 412-3 [i.5] and ETSI EN 319 412-4 [i.6], or defined elsewhere.
The QCStatements defined in clause 4.3 may be applied to regulatory environments outside the EU. Other
requirements specified in clause 4 are specific to Regulation (EU) No 910/2014 [i.8] but may be adapted for other
regulatory environments.
- Standard18 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard18 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard18 pagesEnglish languagesale 15% off
- Standard18 pagesEnglish languagesale 15% off
REN/ESI-0019412-5v221
- Standard18 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard18 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard18 pagesEnglish languagesale 15% off
- Standard18 pagesEnglish languagesale 15% off
RTS/ESI-0019312v121
- Standard27 pagesEnglish languagesale 15% off
RSR/ESI-0019020v112
- Standard40 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of ASiC containers creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to ASiC formats and procedures. First, it will define test suites as complete as possible for supporting the organization of interoperability testing events where different ASiC related applications may check their actual interoperability. Additionally, it will include the specifications required for building software tools for actually testing technical compliance of ASiC against the relevant ASiC related technical specifications. This part 3 will be used by entities interested in testing tools that generate and verify ASiC that claim to be compliant with the ASiC Baseline Profile as specified in EN 19 162.
- Standard18 pagesEnglish languagesale 15% off
RTS/ESI-0019164-2
- Standard14 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of ASiC containers creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to ASiC formats and procedures. First, it will define test suites as complete as possible for supporting the organization of interoperability testing events where different ASiC related applications may check their actual interoperability. Additionally, it will include the specifications required for building software tools for actually testing technical compliance of ASiC against the relevant ASiC related technical specifications. This part 5 will specify, among other things, rules for testing compliance of signatures against the ASiC Baseline specification. It will allow developing a tool that can automatically check that Baseline ASiC are fully compliant with the relevant aforementioned specifications, without claiming any statement on their validity.
- Standard17 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of ASiC containers creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to ASiC formats and procedures. First, it will define test suites as complete as possible for supporting the organization of interoperability testing events where different ASiC related applications may check their actual interoperability. Additionally, it will include the specifications required for building software tools for actually testing technical compliance of ASiC against the relevant ASiC related technical specifications. This part 4 will specify, among other things, rules for testing compliance of signatures against the ASiC specification. It will allow developing a tool that can automatically check that generated ASiC are fully compliant with the relevant aforementioned specifications, without any statement on their validity.
- Standard13 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of ASiC containers creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to ASiC formats and procedures. First, it will define test suites as complete as possible for supporting the organization of interoperability testing events where different ASiC related applications may check their actual interoperability. Additionally, it will include the specifications required for building software tools for actually testing technical compliance of ASiC against the relevant ASiC related technical specifications. This part 1 provides an overview of the series.
- Standard9 pagesEnglish languagesale 15% off
DTS/ESI-0019614-1
- Standard53 pagesEnglish languagesale 15% off
DTS/ESI-0019124-2
- Standard18 pagesEnglish languagesale 15% off
RTS/ESI-0019144-2
- Standard18 pagesEnglish languagesale 15% off
DTS/ESI-0019134-2
- Standard37 pagesEnglish languagesale 15% off
DTS/ESI-0019124-5
- Standard13 pagesEnglish languagesale 15% off
DTS/ESI-0019134-3
- Standard50 pagesEnglish languagesale 15% off
DTS/ESI-0019124-4
- Standard32 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of PAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to PAdES formats and procedures. First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different PAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical compliance of PAdES signatures against the relevant PAdES related technical specifications. This part 3 will be used by entities interested in testing tools that generate and verify PAdES signatures that claim to be compliant with the PAdES Baseline Profile as specified in EN 19 142.
- Standard18 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of PAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to PAdES formats and procedures. First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different PAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical compliance of PAdES signatures against the relevant PAdES related technical specifications. This part 4 will specify, among other things, rules for testing compliance of signatures against the PAdES specification. It will allow developing a tool that can automatically check that generated PAdES signatures are fully compliant with EN 319 142, without any statement on their validity.
- Standard15 pagesEnglish languagesale 15% off
DTS/ESI-0019134-4
- Standard65 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of PAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to PAdES formats and procedures. First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different PAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical compliance of PAdES signatures against the relevant PAdES related technical specifications. This part 5 will specify, among other things, rules for testing compliance of signatures against the PAdES Baseline Profile specification. It will allow developing a tool that could automatically check that a PAdES Baseline signature is fully compliant with the relevant part of EN 319 142, without claiming any statement on their validity or not.
- Standard13 pagesEnglish languagesale 15% off
DTS/ESI-0019124-3
- Standard27 pagesEnglish languagesale 15% off
RTS/ESI-0019134-5
- Standard28 pagesEnglish languagesale 15% off
This multi-part deliverable provides technical specifications for helping implementers and accelerating the development of PAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 19 103) with policies requiring conformity to PAdES formats and procedures. First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different PAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical compliance of PAdES signatures against the relevant PAdES related technical specifications. This part 1 provides an overview of the series.
- Standard8 pagesEnglish languagesale 15% off
DTR/ESI-0019134-1
- Standard8 pagesEnglish languagesale 15% off
DTR/ESI-0019124-1
- Standard10 pagesEnglish languagesale 15% off
The present document specifies XAdES digital signatures. XAdES signatures are built on XML digital signatures [i.4],
by incorporation of signed and unsigned qualifying properties, which fulfil certain common requirements (such as the
long term validity of digital signatures, for instance) in a number of use cases.
The present document specifies a number of XAdES signature levels, addressing incremental requirements to maintain
the validity of the signatures over the long term, in a way that a certain level always addresses all the requirements
addressed at levels that are below it. These XAdES extended signatures offer a higher degree of optionality than the
XAdES baseline signatures specified ETSI EN 319 132-1 [1].
Procedures for creation, augmentation, and validation of XAdES digital signatures are out of scope and specified in
ETSI EN 319 102-1 [i.7]. Guidance on creation, augmentation and validation of XAdES digital signatures is provided
including the usage of the different properties is provided in ETSI TR 119 100 [i.6].
The present document aims at supporting electronic signatures in different regulatory frameworks.
NOTE: Specifically but not exclusively, XAdES digital signatures specified in the present document aim at
supporting electronic signatures, advanced electronic signatures, qualified electronic signatures,
electronic seals, advanced electronic seals, and qualified electronic seals as per Regulation (EU)
No 910/2014 [i.1].
- Standard20 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard20 pagesEnglish languagesale 15% off
- Standard19 pagesEnglish languagesale 15% off
- Standard19 pagesEnglish languagesale 15% off
The present document specifies XAdES digital signatures. XAdES signatures build on XML digital signatures [1], by
incorporation of signed and unsigned qualifying properties, which fulfil certain common requirements (such as the long
term validity of digital signatures, for instance) in a number of use cases.
The present document specifies XML Schema definitions for the aforementioned qualifying properties as well as
mechanisms for incorporating them into XAdES signatures.
The present document specifies formats for XAdES baseline signatures, which provide the basic features necessary for
a wide range of business and governmental use cases for electronic procedures and communications to be applicable to
a wide range of communities when there is a clear need for interoperability of digital signatures used in electronic
documents.
The present document defines four levels of XAdES baseline signatures addressing incremental requirements to
maintain the validity of the signatures over the long term, in a way that a certain level always addresses all the
requirements addressed at levels that are below it. Each level requires the presence of certain XAdES qualifying
properties, suitably profiled for reducing the optionality as much as possible.
Procedures for creation, augmentation, and validation of XAdES digital signatures are out of scope and specified in
ETSI EN 319 102-1 [i.6]. Guidance on creation, augmentation and validation of XAdES digital signatures including the
usage of the different properties defined in the present document is provided in ETSI TR 119 100 [i.11].
The present document aims at supporting electronic signatures in different regulatory frameworks.
NOTE: Specifically but not exclusively, XAdES digital signatures specified in the present document aim at
supporting electronic signatures, advanced electronic signatures, qualified electronic signatures,
electronic seals, advanced electronic seals, and qualified electronic seals as per Regulation (EU)
No 910/2014 [i.1].
- Standard69 pagesEnglish languagesale 10% offe-Library read for1 day
- Standard69 pagesEnglish languagesale 15% off
- Standard70 pagesEnglish languagesale 15% off
- Standard67 pagesEnglish languagesale 15% off