Hallo AK VELS,
wir hatten ja heute erwähnt dass es im Kontext von ISO TC 154 (die
"EDIFACT"-Leute...) ein neues Normprojekt zu Signatur und
Langzeitaufbewahrung gibt/geben soll. Nachstehend die Infos, die ich
dazu herausgefunden habe. Teilweise also evt. Überlappung, wobei TC
154 bestimmte Aspekte außen vor lässt, die bei "uns" wohl durchaus
enthalten wären.
Wir sollten dennoch die TC 154-Aktivitäten näher erkunden und evlt.
auch mit "denen" Kontakt aufnehmen. TC 171 SC 2 plant wohl bereits
eine Liaison für dieses Projekt (so wie es auch eine Liaison mit ETSI
gibt).
Mit freundlichem Gruß,
Olaf Drümmer
ISO/TC 154 / SC N 536 - NEW WORK ITEM PROPOSAL:
"Long Term Signature profiles for EDI Data and Electronic Documents"
Scope of proposed project
This standard specifies the requirement for enabling verification of a
digital signature over a long period of time. This standard specifies
neither new technical specifications about the digital signature
itself, nor new restrictions of usage of the technical specifications
about the digital signatures which has already existed. This standard
specifies which elements should be chosen, in order to enable
verification of a digital signature over a long period of time among
the elements defined in CMS Advanced Electronic Signatures (CAdES)
which is the extended specification of Cryptographic message syntax
(CMS) used widely.
Date of presentation: 2009-01-15
Proposer: Mr. Kenji Itoh, Chairperson of TC154 Japan committee
Purpose and justification (attach a separate page as annex, if
necessary)
EDI and e-document with digital signatures and timestamps will be an
evidence for Authenticity and Integrity in the e-commerce.
It will ensure that a party cannot repudiate the fact of the
transaction.
Seeing the fact of the transaction from the point of view of “a record
that preservation is obliged”, it is very difficult to verify
signature for long term, because there is a matter of some concern
that Revocation Information related key compromise may not issued
after the certification distinct period of validity.
This standard defines a profile of digital signature format to keep
datum for verification of long term digital signature of EDI and e-
document.
Relevant documents to be considered
ETSI TS 101 733 CAdES
ETSI TS 101 903 XAdES
ISO 17050-1 Conformity assessment - Supplier's declaration of
conformity - Part 1: General requirements
Proposed Project Leader (name and address)
Kenji Urushima, kenji.urushima(a)entrust.com, office: +81 3 5211 8446
--
Olaf Druemmer | Managing Director | callas software GmbH |
Schoenhauser Allee 6/7 | 10119 Berlin
Tel +49.30.4439031-0 | Fax +49.30.4416402 | o.druemmer(a)callassoftware.com
| www.callassoftware.com
Amtsgericht Charlottenburg, HRB 59615 | Geschäftsführung: Olaf
Drümmer, Ulrich Frotscher