[cabfcert_policy] Terminology alignment

Moudrick M. Dadashov md at ssc.lt
Sun Jun 18 14:21:02 MST 2017 

ETSI TR 119 001 V1.2.1 (2016-03) Electronic Signatures and 
Infrastructures (ESI); The framework for standardization of signatures; 
Definitions and abbreviations:

/certification authority: authority trusted by one or more users to 
create and assign public-key certificates//
//
//NOTE 1: Optionally the certification authority can create the 
subjects' keys.//
//NOTE 2: A certification authority can be://
//
//1) a trust service provider that creates and assigns public key 
certificates; or//
//2) a technical certificate generation service that is used by a 
certification service provider that creates////and assign public key 
certificates.//
/
Thanks,
M.D.


On 6/18/2017 7:57 PM, Peter Bowen wrote:
> It was recently pointed out to me that WebTrust for CAs is based on 
> ISO 21188.  ISO is in progress of revising this standard and has 
> published revised version as a Draft International Standard (DIS). 
>  This revision is called ISO/DIS 21188.
>
> Unlikely many other reference documents, ISO/DIS 21188 clearly 
> resolves the CA term. A Trust Services Provider (TSP) is a company or 
> organization.  A TSP operates Certification Authorities.  The 
> requirements in the standard usually start with the phrase “The CA 
> shall”, so it is clear that this phrasing is not in conflict with 
> these definitions.
>
> Excerpts from ISO/DIS 21188, unmodified except to replace “financial 
> institution” with “company”:
>
> _3 Terms and definitions_
>
> *3.21 *
> *certification authority *
> *CA *
> *entity *(3.32) trusted by one or more entities to create, assign and 
> revoke or hold public key certificates
>
> *3.52 *
> *relying party RP *
> recipient of a certificate who acts in reliance on that certificate, 
> digital signatures verified using that certificate, or both
>
> *3.65 *
> *trust services provider TSP *
> approved organization (as determined by the contractual participants) 
> providing trust services, through a number of *certification 
> authorities *(3.21), to their customers who may act as subscribers or 
> *relying parties *(3.52)
> NOTE A trust services provider may also provide certif icate 
> validation services.
>
> _5.2 What is PKI?_
>
> PKIs are a practical technical solution to the problems posed by open 
> networks. [Companies] are becoming trust services providers (TSPs), to 
> take advantage of the growing market for security and authentication 
> in online communications. Relying parties, as recipients of 
> information, use TSPs to validate certificates used to authenticate 
> on-line communications. A TSP may be an entity providing one or more 
> trusted services, e.g. a Certification Authority or a Validation 
> Service. A TSP is a recognized authority trusted by one or more 
> relying parties to create and sign certificates. A TSP may also revoke 
> certificates it has created and issued. A TSP operates one or more 
> certification authorities (CAs) whose core functions are certificate 
> issuing, certificate distribution and certificate validation. Within a 
> [company], a CA is not necessarily a business entity but may be a unit 
> or a function providing CA functions that may be trusted by relying 
> parties and subscribing parties.
>
> The [company] may act as a TSP issuing certificates to the public and 
> permits validation of certificates in an open network environment. 
> TSPs may operate under voluntary TSP accreditation schemes or within 
> an indigenous regulatory framework. Typically, there is no formal 
> contract between the subscriber's TSP and the relying party
>
> I apologize for missing the last couple of WG meetings, so I’m a 
> little behind on current status of the discussion.  I hope that this 
> does not run directly contrary to the current state.
>
> Thanks,
> Peter
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/policyreview/attachments/20170619/8ab07dcb/attachment-0001.html>

More information about the Policyreview mailing list