[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-dev] DSS services and European Signature law
Hi Pim, as this is a difficult topic I used Detlef as my backup expert ;-) Detlef confirmed my quick guess that each an every component of a DSS-based SSCD needs to evaluated on its own. Usually that's would require an evaluation of a hardware component ( hopefully a smartcard with a testimonial ) and the software artifacts. But an EAL 4+ evaluation of a software component would be extremely expensive and would need a re-evaluation with every minor release .. would presume this to be overkill. Don't think that's a way to ... Greetings Andreas ----- Original Message ---- From: Pim van der Eijk <lists@sonnenglanz.net> To: Andreas Kuehne <kuehne@trustable.de>; dss-dev@lists.oasis-open.org Cc: veit@trustable.de Sent: Thursday, February 7, 2008 4:15:09 PM Subject: RE: [dss-dev] DSS services and European Signature law Hello Andreas, Thanks a lot for your response. You are right that there are many more issues to consider to be able to state whether or not a DSS implementation meets EAL 4+. To rephrase my question, more precisely, assume we have some device that is certified to meet the requirements of CWA 14169 that has a "trusted path" to a local user interface. For instance, it could be a hardware device that uses the keyboard and monitor of a computer as user interface. Now assume an alternative device that is similar in all ways except that it can be accessed from remotely using DSS. Would this device qualify as an SSCD? Pim ___________________________________________________ Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne Heiko Veit Company UK Company No: 5218868 Registered in England and Wales
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]