Electronic Signature Policies (RFC3125)
Original Publication Date: 2001-Sep-01
Included in the Prior Art Database: 2019-Feb-14
Internet Society Requests For Comment (RFCs)
J. Ross: AUTHOR [+2]
This document defines signature policies for electronic signatures. A signature policy is a set of rules for the creation and validation of an electronic signature, under which the validity of a signature can be determined. A given legal/contractual context may recognize a particular signature policy as meeting its requirements. This memo defines an Experimental Protocol for the Internet community.
Network Working Group
Request for Comments: 3125
Category: Experimental
Authors: J. Ross (Security & Standards), D. Pinkas (Integris), N. Pope (Security & Standards)
September 2001
Electronic Signature Policies
Status of this Memo
This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document defines signature policies for electronic signatures. A signature policy is a set of rules for the creation and validation of an electronic signature, under which the validity of a signature can be determined. A given legal/contractual context may recognize a particular signature policy as meeting its requirements.
A signature policy has a globally unique reference, which is bound to an electronic signature by the signer as part of the signature calculation.
The signature policy needs to be available in human readable form so that it can be assessed to meet the requirements of the legal and contractual context in which it is being applied.
To allow for the automatic processing of an electronic signature, another part of the signature policy specifies the electronic rules for the creation and validation of the electronic signature in a computer-processable form. In the current document, the format of the signature policy is defined using ASN.1.
The contents of this document are based on the signature policy defined in ETSI TS 101 733 V.1.2.2 (2000-12) Copyright (C). Individual copies of this ETSI deliverable can be downloaded from http://www.etsi.org.
RFC 3125 Electronic Signature Policies September 2001
Table of Contents
1. Introduction
2. Major Parties
3. Signature Policy Specification
   3.1 Overall ASN.1 Structure
   3.2 Signature Validation Policy
   3.3 Common Rules
   3.4 Commitment Rules
   3.5 Signer and Verifier Rules
       3.5.1 Signer Rules
       3.5.2 Verifier Rules
   3.6 Certificate and Revocation Requirements
       3.6.1 Certificate Requirements
       3.6.2 Revocation Requirements
   3.7 Signing Certificate Trust Conditions
   3.8 Time-Stamp Trust Conditions
   3.9 Attribute Trust Conditions
   3.10 Algorithm Constraints
   3.11 Signature Policy Extensions
4. Security Considerations
   4.1 Protection of Private Key
   4.2 Choice of Algorithms
5. Conformance Requirements
6. References
7. Authors’ Addresses
Annex A (normative):
   A.1 Definitions Using X.208 (1988) ASN.1 Syntax
   A.2 Definitions Using X.680 (1997) ASN.1 Syntax
Annex B (informative):
   B.1 Signature Policy and Signature Validation Policy
   B.2 Identification of Signature Policy
   B.3 General Signature Policy Information
   B.4 Recognized Commitment Types
   B.5 Rules for Use of Certification Authorities
       B.5.1 Trust Points
       B.5.2 Certification Path
   B.6 Revocation Rules
   B.7 Rules for the...