[cabfcert_policy] Terminology alignment
Moudrick M. Dadashov
md at ssc.lt
Sun Jun 18 14:21:02 MST 2017
ETSI TR 119 001 V1.2.1 (2016-03) Electronic Signatures and
Infrastructures (ESI); The framework for standardization of signatures;
Definitions and abbreviations:
/certification authority: authority trusted by one or more users to
create and assign public-key certificates//
//
//NOTE 1: Optionally the certification authority can create the
subjects' keys.//
//NOTE 2: A certification authority can be://
//
//1) a trust service provider that creates and assigns public key
certificates; or//
//2) a technical certificate generation service that is used by a
certification service provider that creates////and assign public key
certificates.//
/
Thanks,
M.D.
On 6/18/2017 7:57 PM, Peter Bowen wrote:
> It was recently pointed out to me that WebTrust for CAs is based on
> ISO 21188. ISO is in progress of revising this standard and has
> published revised version as a Draft International Standard (DIS).
> This revision is called ISO/DIS 21188.
>
> Unlikely many other reference documents, ISO/DIS 21188 clearly
> resolves the CA term. A Trust Services Provider (TSP) is a company or
> organization. A TSP operates Certification Authorities. The
> requirements in the standard usually start with the phrase “The CA
> shall”, so it is clear that this phrasing is not in conflict with
> these definitions.
>
> Excerpts from ISO/DIS 21188, unmodified except to replace “financial
> institution” with “company”:
>
> _3 Terms and definitions_
>
> *3.21 *
> *certification authority *
> *CA *
> *entity *(3.32) trusted by one or more entities to create, assign and
> revoke or hold public key certificates
>
> *3.52 *
> *relying party RP *
> recipient of a certificate who acts in reliance on that certificate,
> digital signatures verified using that certificate, or both
>
> *3.65 *
> *trust services provider TSP *
> approved organization (as determined by the contractual participants)
> providing trust services, through a number of *certification
> authorities *(3.21), to their customers who may act as subscribers or
> *relying parties *(3.52)
> NOTE A trust services provider may also provide certif icate
> validation services.
>
> _5.2 What is PKI?_
>
> PKIs are a practical technical solution to the problems posed by open
> networks. [Companies] are becoming trust services providers (TSPs), to
> take advantage of the growing market for security and authentication
> in online communications. Relying parties, as recipients of
> information, use TSPs to validate certificates used to authenticate
> on-line communications. A TSP may be an entity providing one or more
> trusted services, e.g. a Certification Authority or a Validation
> Service. A TSP is a recognized authority trusted by one or more
> relying parties to create and sign certificates. A TSP may also revoke
> certificates it has created and issued. A TSP operates one or more
> certification authorities (CAs) whose core functions are certificate
> issuing, certificate distribution and certificate validation. Within a
> [company], a CA is not necessarily a business entity but may be a unit
> or a function providing CA functions that may be trusted by relying
> parties and subscribing parties.
>
> The [company] may act as a TSP issuing certificates to the public and
> permits validation of certificates in an open network environment.
> TSPs may operate under voluntary TSP accreditation schemes or within
> an indigenous regulatory framework. Typically, there is no formal
> contract between the subscriber's TSP and the relying party
>
> I apologize for missing the last couple of WG meetings, so I’m a
> little behind on current status of the discussion. I hope that this
> does not run directly contrary to the current state.
>
> Thanks,
> Peter
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20170619/8ab07dcb/attachment-0001.html>
More information about the Policyreview
mailing list