|Title||Electronic Signatures and Infrastructures (ESI);Policy requirements for certification authorities issuing qualified certificates|
|Acronym||ETSI TS 101 456|
|Committee||ETSI TECHNICAL COMMITTEE MACHINE-TO-MACHINE COMMUNICATIONS (M2M)|
The policy requirements relating to the CA include requirements on the provision of services for registration, certificate generation, certificate dissemination, revocation management, revocation status and, if required, signature-creation device provision. Other certification-service-provider functions such as time-stamping, attribute certificates and confidentiality support are outside the scope of the present document. In addition, the present documentdoes not address requirements for certification authority certificates, including certificate hierarchies and cross-certification. The policy requirements are limited to requirements for the certification of keys used for electronic signatures.These policy requirements are specifically aimed at qualified certificates issued to the public, and used in support of qualified electronic signatures (i.e. electronic signatures that are legally equivalent to hand-written signatures in linewith article 5.1 of the European Directive on a community framework for electronic signatures ). It specifically addresses the requirements for CAs issuing qualified certificates in accordance with annexes I and II of this Directive . Requirements for the use of secure-signature-creation devices as specified in annex III, which is also a requirement for electronic signatures in line with article 5.1, is an optional element of the policy requirements specified in the present document. Certificates issued under these policy requirements may be used to authenticate a person who acts on his own behalf or on behalf of the natural person, legal person or entity he represents. These policy requirements are based around the use of public key cryptography to support electronic signatures. The present document may be used by competent independent bodies as the basis for confirming that a CA meets the requirements for issuing qualified certificates. It is recommended that subscribers and relying parties consult the certification practice statement of the issuing CA to obtain further details of precisely how a given certificate policy is implemented by the particular CA. The present document does not specify how the requirements identified may be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors.