crypto component services - is there a market?

Stefan Kelm stefan.kelm at secorvo.de
Fri Apr 27 09:35:09 EDT 2007


Nicholas,

>> Stefan is talking about Germany 
> 
> I realise that, but he said "Europe", so I felt a UK counter-example was
> in order!

Point taken.  :)  However, there are other countries w/ similar rules.

>> Qualified certificates are defined in the European Digital Signature
>> Directive, which is an over-arching design for all the EU countries to
>> pass into local law.
>>
>> Basically, they are personal smart cards operating under (harsh and
>> uneconomic) secure conditions, because they really tried hard to make
>> the results like human signatures.
> 
> As I read it, the cards are the so-called "secure signature creation
> devices", while the certificates are, well, just certificates.

Yep.

>>> I received and continue to receive electronic invoices from time to
>>> time, but none appear to be digitally signed, nor have I seen evidence
>>> of time-stamping in operation.
>>
>> UK probably ignored the whole thing.  More power to them. Under Anglo
>> common law this is not an issue, as long as there is a lightweight
>> digsig model "shall not be denied legal standing solely on the basis
>> that it is a digsig."
> 
> Well, we implemented the Directive, which didn't require much change to
> the law, as you note.  But there has been little take-up for a solution
> in search of a problem.

There's another EU Directive on "simplifying, modernising and harmonising
the conditions laid down for invoicing in respect of value added tax".

   Invoices sent by electronic means shall be accepted
   by Member States provided that the authenticity of
   the origin and integrity of the contents are guaranteed:

   - by means of an advanced electronic signature
     within the meaning of Article 2(2) of Directive
     1999/93/EC of the European Parliament and of
     the Council of 13 December 1999 on a
     Community framework for electronic signatures;
     Member States may however ask for
     the advanced electronic signature to be based on
     a qualified certificate and created by a secure-signature-
     creation device, within the meaning of
     Article 2(6) and (10) of the aforementioned
     Directive;"

That's the one I was talking about earlier. eInvoicing
slowly seems to take off in a few European countries.
I have no idea as to how this Directive has been
transposed into UK law, though.

Cheers,

	Stefan.

--------------------------------------------------------
T.I.S.P.  -  Have your qualification certified
25-30 June 2007 - http://www.secorvo.de/college/tisp/
--------------------------------------------------------
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm at secorvo.de, http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Managing Director: Dirk Fox
