Published by Hester French. Modified over 9 years ago.

www.bundesnetzagentur.de
Infrastructure for Qualified Electronic Signatures in Germany
Jürgen Schwemmer
Moscow, 17th April 2014

Overview
- "History" of "Qualified Electronic Signatures" (QES) since 1997
- Peculiarities of QESs
- Recommendations / German blueprint / reality
- The eIDAS Regulation of 2014

"History" of QESs since 1997
- 1997: Regulation of (exclusively) the technical-organizational system security of (exclusively) QES (handwritten signature / declaration of will) as a prerequisite for changes in the Civil Code… by the German Signature Law and Ordinance (i.e. NO other regulations in the Signature Law)
- 1999: Inclusion of other kinds of signatures by the Signature Directive 1999/93/EC leads to a complete change of the actual objective (AUTHENTICATION); see especially Article 2, Article 5(1) vs. 5(2) and the time of the validity check of certificates in Annex IV
  NB: Annex IV is therefore (at Germany's request) "only" a recommendation, although certificate verification is the most important/critical item!
- 2012/2014: New eIDAS Regulation with additional services such as eIDs, seals, time stamps, verification services

Peculiarities of QESs
- QES are a means of declaring one's will and/or a legal equivalent of HANDWRITTEN signatures (only NATURAL persons!); (almost) all other signatures are means of authentication
- "Sign and forget" needs very "long-lasting systems" (archiving / "oversigning" by means of (qualified) archival time stamps… included; measures for algorithms necessary!)
- Revocation / "time out" of root and/or CA keys must NOT make the validity check of end-user certificates impossible ("chain model" plus "indirect system" as possible solutions)
- The validity check of certificates must be possible at a "requested" point in time or at the time of signing, (mostly) NOT at the current point in time (i.e. "was the signature valid when it was made?")
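
The last two points above, as an added example that is not part of the original slides: a chain-model check next to a check of the whole chain at one single instant (often called the shell model). Certificate names and dates are constructed sample data, and the issuance time of each certificate is assumed to equal its notBefore date.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

@dataclass
class Cert:
    name: str
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None = never revoked

    def valid_at(self, t: datetime) -> bool:
        """Inside the validity period and not yet revoked at time t."""
        if not (self.not_before <= t <= self.not_after):
            return False
        return self.revoked_at is None or t < self.revoked_at

def shell_model(chain: List[Cert], at: datetime) -> bool:
    """Shell model: every certificate must be valid at the same instant."""
    return all(c.valid_at(at) for c in chain)

def chain_model(chain: List[Cert], signing_time: datetime) -> bool:
    """Chain model: the end-user certificate must be valid when the document
    was signed; each issuer must be valid when it issued the certificate
    below it. chain is ordered [end-user, CA, root]."""
    t = signing_time
    for cert in chain:
        if not cert.valid_at(t):
            return False
        t = cert.not_before  # assumption: issuance time equals notBefore
    return True

# Constructed sample data: the CA certificate is revoked (CSP ceased
# operation) after it issued the end-user certificate.
ROOT = Cert("Root-CA", datetime(2004, 1, 1), datetime(2012, 1, 1))
CA = Cert("CSP-CA", datetime(2008, 1, 1), datetime(2013, 1, 1),
          revoked_at=datetime(2011, 1, 1))
USER = Cert("Signer", datetime(2010, 3, 1), datetime(2012, 3, 1))
CHAIN = [USER, CA, ROOT]
SIGNED_AT = datetime(2011, 5, 10)
VERIFIED_AT = datetime(2014, 4, 17)

if __name__ == "__main__":
    print("shell model, at verification time:", shell_model(CHAIN, VERIFIED_AT))
    print("shell model, at signing time:     ", shell_model(CHAIN, SIGNED_AT))
    print("chain model, at signing time:     ", chain_model(CHAIN, SIGNED_AT))
```

With this data only the chain model still accepts the signature: the end-user certificate was valid when the document was signed, and the CA certificate was valid when it issued that certificate.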

Peculiarities of QESs (2)
- "Secure Signature Creation Device" under REAL sole control of the owner! ("shared" or "distant" solutions mostly critical)
- For legal reasons NO "suspend/resume" of certificates! "Suspended" could e.g. mean "the person is incapacitated" (exceptions only with e.g. "enforced" use of time stamps…)
- (E.g. the) "Supervisory Authority" must take care of customers/certificates of CSPs going/having gone out of business in order to continue the service ("was the signature valid…?")
- "Accreditation" (audit before start of operation) can be the way to meet the above-mentioned requirement (possibly also in future)
- No "market-driven" solution to be expected (no private company has a real "business case" for "my" (free of cost) signature)

Recommendations
- Use of hardware-based tokens as SSCD (mandatory for QES)
- Evaluation of the SSCD forces the improvement of the "operational environment" as a side effect
- Separate paths for QC and non-QC in order to be able to react appropriately (e.g. "cut off" of only the "infected areas")
- Rigorous and complete auditing of the system, mandatory security concept including the use of signing/verification tools…
- Strict supervision, NOT just "registering"
- The CA production unit should not be (easily) accessible from the internet; only the OCSP responder should be "seen" from outside
- "CRL-conclusio" can be dangerous and misleading, no good protection against full fakes of certificate chains
- For QES anyway ("whereas" No. 20) a long-term concept is necessary (a CA going out of business must NOT mean that the user certificate can no longer be verified); archiving/timestamping!
- Root CA operated/mandated by a public authority (no termination of operation)

Thank You for Your Attention
Questions?
Jürgen Schwemmer
Section Qualified Electronic Signatures
Bundesnetzagentur, Germany
e-mail: juergen.schwemmer@bnetza.de