Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques (V1.1.1)
"The present document builds on the general policy requirements specified in ETSI EN 319 401 [1]@ specifies policy and security requirements for trust service providers providing long-term preservation of digital signatures and of general data@ i.e. signed data or unsigned data@ using digital signature techniques. The present document aims at supporting preservation services in different regulatory frameworks. Specifically@ but not exclusively@ the preservation service addressed in the present document aims at supporting qualified preservation service for qualified electronic signatures or seals as per Regulation (EU) No 910/2014 [i.2]. Specifically@ but not exclusively@ digital signatures in the present document cover electronic signatures@ advanced electronic signatures@ qualified electronic signatures@ electronic seals@ advanced electronic seals@ and qualified electronic seals as per Regulation (EU) No 910/2014 [i.2]. The present document addresses two main cases: 1) The preservation over long periods of time@ using digital signature techniques@ of the ability to validate a digital signature@ of the ability to maintain its validity status and of the ability to get a proof of existence of the associated signed data as they were at the time of the submission to the preservation service even if later the signing key becomes compromised@ the certificate expires@ or cryptographic attacks become feasible on the signature algorithm or the hash algorithm used in the submitted signature. NOTE 1: A qualified preservation service for qualified electronic signatures or seals as per Regulation (EU) No 910/2014 [i.2] for which the status of the technical validity needs to be preserved@ is covered in this case. NOTE 2: The validity status of a signature means the status of the signature that will not change over time. Such a status may be valid (TOTAL_PASSED according to ETSI EN 319 102-1 [i.6]) or invalid (TOTAL_FAILED and certain cases for INDETERMINATE according to ETSI EN 319 102-1 [i.6]). NOTE 3: ""Digital signature techniques"" designates techniques based on digital signatures@ time-stamps or evidence records. 2) The provision of a proof of existence of digital objects@ whether they are signed or not@ using digital signature techniques (digital signatures@ time-stamp tokens@ evidence records@ etc.). NOTE 4: In this case@ even if the main object to be preserved is a signature@ it is treated in the same way as any other file. NOTE 5: A proof of existence of digital object not using digital signature techniques is not in the scope of the present document. The present document covers different strategies for the preservation service. The applicable requirements depend on the strategy chosen by the preservation service. EXAMPLE 1: The preservation service can provide storage@ no storage@ or temporary storage. EXAMPLE 2: The preservation service can receive the digital signature@ the signed data@ the revocation information or only hash values and evidences. The present document identifies specific controls needed to address specific risks associated with preservation services. The transformation of the original data into another data object with equivalent object content and semantic to avoid the risk that the original data object/viewer system is becoming obsolete is out of the scope of the present document."