
New ETSI OIDs for signature validation services policies


The new draft ETSI TS 119 441 proposes new OIDs for the Signature Validation Service Policy:

  • itu-t(0) identified-organization(4) etsi(0) VAL SERVICE-policies(9441) policy-identifiers(1) main(1)
  • itu-t(0) identified-organization(4) etsi(0) VAL SERVICE-policies(9441) policy-identifiers(1) qualified(2)

That is:

  • OID 0.4.0.9441.1.1 as the main policy OID for Validation Services, and
  • OID 0.4.0.9441.1.2 as the policy OID for Validation Services that identifies qualified validation services as defined in Articles 32 and 33 of Regulation EU 910/2014 (eIDAS)

Article 32

Requirements for the validation of qualified electronic signatures

1.   The process for the validation of a qualified electronic signature shall confirm the validity of a qualified electronic signature provided that:

  (a) the certificate that supports the signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I;
  (b) the qualified certificate was issued by a qualified trust service provider and was valid at the time of signing;
  (c) the signature validation data corresponds to the data provided to the relying party;
  (d) the unique set of data representing the signatory in the certificate is correctly provided to the relying party;
  (e) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing;
  (f) the electronic signature was created by a qualified electronic signature creation device;
  (g) the integrity of the signed data has not been compromised;
  (h) the requirements provided for in Article 26 were met at the time of signing.

2.   The system used for validating the qualified electronic signature shall provide to the relying party the correct result of the validation process and shall allow the relying party to detect any security relevant issues.

3.   The Commission may, by means of implementing acts, establish reference numbers of standards for the validation of qualified electronic signatures. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation of qualified electronic signatures meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

Article 33

Qualified validation service for qualified electronic signatures

1.   A qualified validation service for qualified electronic signatures may only be provided by a qualified trust service provider who:

  (a) provides validation in compliance with Article 32(1); and
  (b) allows relying parties to receive the result of the validation process in an automated manner, which is reliable, efficient and bears the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.

2.   The Commission may, by means of implementing acts, establish reference numbers of standards for qualified validation service referred to in paragraph 1. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation service for a qualified electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

OID for natural and legal person qualified certificates


Certain features of qualified certificates are encoded with specific Object Identifiers (OIDs).

The technical standard that defined them was, until a few months ago, ETSI TS 101 862, which placed them under the arc (now obsolete):

  • 1.3.6.1.5.5.7.0.11

It defined the information in the qualified certificate statement (QC-Statement) under the arc:

  • 0.4.0.1862

Currently, the applicable standard is ETSI EN 319 412-1, which means that information on qualified certificates not covered by the previous standard is expressed under a new OID arc:

  • 0.4.0.194121

Therefore, qualified certificates may indicate certain features with OIDs starting with 0.4.0.1862 (originally designed for electronic signatures of natural persons under Directive 1999/93, but nowadays also suitable for legal persons through the extension of concepts such as the electronic seal in EU Regulation 910/2014, eIDAS) and others with OIDs starting with 0.4.0.194121 (specifically to distinguish between natural person and legal person certificates, as provided for in EU Regulation 910/2014, eIDAS).

These are the main OIDs:

  • 0.4.0.1862.1.1 – qcStatement – QcCompliance (Compulsory)
  • 0.4.0.1862.1.2 – qcStatement – QcLimitValue
  • 0.4.0.1862.1.3 – qcStatement – QcRetentionPeriod
  • 0.4.0.1862.1.4 – qcStatement – QcSSCD
  • 0.4.0.1862.1.5 – qcStatement – QcPDS (Compulsory)
  • 0.4.0.1862.1.6 – qcStatement – QcType
  • 0.4.0.194121.1.1 – id-etsi-qcs-semanticsId-Natural – Natural person semantics (for natural person certificates – electronic signature)
  • 0.4.0.194121.1.2 – id-etsi-qcs-semanticsId-Legal – Legal person semantics (for legal person certificates – electronic seal)

The last 4 OIDs are new. We clarify 2 of them:

  • 0.4.0.1862.1.5 – qcStatement – QcPDS (Compulsory).
    It will provide at least one URL to a PDS (PKI Disclosure Statements) in English.
    Other PDS documents in other languages can be referenced with this QCStatement, as long as they are equivalent to the PDS in English.
    No more than one PDS per language should be referenced.

  • 0.4.0.1862.1.6 – qcStatement – QcType.
    id-etsi-qct-esign (0.4.0.1862.1.6.1)
    id-etsi-qct-eseal (0.4.0.1862.1.6.2)
    id-etsi-qct-web (0.4.0.1862.1.6.3)
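
A relying party or auditor can check which of these statements a certificate actually carries. The following is an added example, not code from the ETSI standards or from this post: it walks the DER of a qcStatements extension value, names every OID from the list above, and reports which of the statements marked compulsory are absent. It assumes the value has already been unwrapped from the extension's OCTET STRING; the function names and the sample bytes are constructed for illustration.

```python
KNOWN = {  # OID -> name, copied from the list above
    "0.4.0.1862.1.1": "QcCompliance", "0.4.0.1862.1.2": "QcLimitValue",
    "0.4.0.1862.1.3": "QcRetentionPeriod", "0.4.0.1862.1.4": "QcSSCD",
    "0.4.0.1862.1.5": "QcPDS", "0.4.0.1862.1.6": "QcType",
    "0.4.0.1862.1.6.1": "id-etsi-qct-esign", "0.4.0.1862.1.6.2": "id-etsi-qct-eseal",
    "0.4.0.1862.1.6.3": "id-etsi-qct-web",
    "0.4.0.194121.1.1": "id-etsi-qcs-semanticsId-Natural",
    "0.4.0.194121.1.2": "id-etsi-qcs-semanticsId-Legal",
}
COMPULSORY = ("0.4.0.1862.1.1", "0.4.0.1862.1.5")  # marked "Compulsory" above

def decode_oid(body):  # content octets of a DER OBJECT IDENTIFIER -> dotted form
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last octet of this arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)    # first group packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(der):
    """Walk DER TLVs recursively; return every OID in encounter order."""
    oids, pos = [], 0
    while pos < len(der):
        if pos + 2 > len(der):
            raise ValueError("truncated DER header")
        tag, length, pos = der[pos], der[pos + 1], pos + 2
        if length & 0x80:            # long-form length
            n = length & 0x7F
            if n == 0 or pos + n > len(der):
                raise ValueError("bad DER length")
            length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
        if pos + length > len(der):
            raise ValueError("truncated DER value")
        body, pos = der[pos:pos + length], pos + length
        if tag == 0x06:              # OBJECT IDENTIFIER
            oids.append(decode_oid(body))
        elif tag & 0x20:             # constructed type: descend into it
            oids.extend(collect_oids(body))
    return oids

def audit_qc_statements(der):
    """Return (names of the OIDs found, compulsory statements that are absent)."""
    oids = collect_oids(der)
    return [KNOWN.get(o, o) for o in oids], [KNOWN[o] for o in COMPULSORY if o not in oids]

# Constructed sample qcStatements value: QcCompliance and QcType=eseal, no QcPDS.
SAMPLE = bytes.fromhex("301f3008060604008e4601013013060604008e4601063009060704008e46010602")
```

Calling `audit_qc_statements(SAMPLE)` names the three OIDs present and flags QcPDS as missing; OIDs not in the list are returned in dotted form so unknown statements stay visible.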