RFC 3039 bis Qualified Certificates Profile Changes from RFC 3039

Issues References and other minor editorial Subject DN attributes Scope Key usage qcStataments - mandatory use for QC and criticality

Subject attributes RFC 3039 text:  The subject field SHALL contain an appropriate subset of the following attributes:  Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain. Attributes under consideration:  postalAddress (not supported by RFC 3280)  Title (function/position within an organization)

Scope – The two ways RFC 3039 way  Profile for Qualified Certificates but scope is not limited to that. RFC 3039 bis way?  Profile for ID certificates that also defines specific tools for QC

Scope RFC 3039 Abstract: This document forms a certificate profile for Qualified Certificates, based on RFC 2459, for use in the Internet. The term Qualified Certificate is used to describe a certificate with a certain qualified status within applicable governing law. Section 2: The term "Qualified Certificate" has been used by the European Commission to describe a certain type of certificates with specific relevance for European legislation. This specification is intended to support this class of certificates, but its scope is not limited to this application. Section 2: Within this standard the term "Qualified Certificate" is used more generally, describing the format for a certificate whose primary purpose is identifying a person with high level of assurance in public non-repudiation services. The actual mechanisms that will decide whether a certificate should or should not be considered to be a "Qualified Certificate" in regard to any legislation are outside the scope of this standard.

Scope – Reasons for change Some functions of RFC 3039 are not specific to QC or “public non-repudiations services”  biometricInfo Extension  Issuer and Subject DN attribute set  Attribute semantics definitions (PI definition)  SubjectDirectory attributes dateOfBirth; placeOfBirth; gender; countryOfCitizenship; and countryOfResidence.

Scope – RFC3039 bis 00.txt Abstract: This document forms a certificate profile, based on RFC 3280, for identity certificates issued to physical persons. Abstract: The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. The profile does however not define any legal requirements for such Qualified Certificates. Section 2: Within this standard the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to identify a person with high level of assurance, where the certificate meet some qualification requirements defined by an applicable legal framework.

Key usage RFC 3039  If the key usage nonRepudiation bit is asserted then it SHOULD NOT be combined with any other key usage, i.e., if set, the key usage non-repudiation SHOULD be set exclusively. RFC 3039bis 00.txt  Key usage settings SHALL be set in accordance with RFC 3280 definitions. Further conventions for key usage setting MAY be defined by certificate policies and/or local legal regulations. Motivation for change is highly dependent on scope

qcStatement Extension – mandatory use and criticality ETSI TS  Based on clear definition of QC as context for the standard  QC declaration through policy or qcStatement RFC 3039  No stipulation Proposal  RFC 3039 bis – no stripulation  TS bis – Mandatory use of qcStatament, May be critical