Some more thoughts concerning the legal aspects

["Huehnlein, Detlef" <Detlef.Huehnlein@secunet.com>]

Hi Pim,

concerning the statement that "DSS-like" systems (using a bunch of smartcard-based SSCDs as depicted 
on slide 20 of http://www.ecsec.de/pub/RSA2004.pdf) may be used in Germany to produce 
(and of course verify) qualified electronic signatures you may want to have a look 
at https://www.secure.trusted-site.de/certuvit/pdf/93145UD.pdf for example. "DSS-like" means 
that the certified version of this signature server uses a proprietary web-service-protocol, 
which is similar to DSS - and will most likely support DSS in a future version. ;-)

The initial uncertainty about the detailed requirements, which have to be fulfilled by an 
SSCD according to Annex III of [1999/93/EC] has IMHO been removed in 2003 by the publication
of [2003/511/EC] (cf. Annex B). 

Therefore I would be VERY interested to see whether there is a single EU member state, which 
a) still has requirements for SSCDs, which significantly deviate from [CWA 14169], or
b) has a concept of "self qualification" of SSCDs. 

As both points are NOT in line with (my understanding of) [1999/93/EC] I would be a little 
surprised, if such cases would exist today. 

BR,
 Detlef

Links:
[1993/93/EC]  http://www.signatur.rtr.at/repository/legal-directive-20000119-en.pdf
[2003/511/EC] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:175:0045:0046:EN:PDF 
[CWA 14169]   ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14169-00-2004-Mar.pdf 
--
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
Partner
secunet Security Networks AG
Sudetenstraße 16
96247 Michelau
Telefon +49 9571 896479
Mobil   +49 171  9754980
detlef.huehnlein@secunet.com
www.secunet.com
======================
Besuchen Sie uns auf der CeBIT 2008,
4. - 9. März 2008, Halle 6 Stand J36
(www.cebit.de)
----------------------
und auf dem Managed Security Forum 2008
2. April in Frankfurt am Main
7. Mai in Düsseldorf
29. Mai in Hamburg
16. Juni in München
(www.managed-security-forum.org)
Wir freuen uns auf interessante Gespräche mit Ihnen. 
======================
secunet Security Networks AG
Kronprinzenstr. 30
45128 Essen
Amtsgericht Essen HRB 13615

Vorstand:
Dr. Rainer Baumgart
Thomas Koelzer
Thomas Pleines

Aufsichtsratsvorsitzender:
Dr. Karsten Ottenberg

Diese E-mail kann vertrauliche Informationen enthalten. Falls Sie diese E-Mail irrtümlich erhalten haben, informieren Sie bitte unverzüglich den Absender und löschen Sie diese E-Mail von jedem Rechner, auch von den Mailservern. Jede Verbreitung des Inhalts, auch die teilweise Verbreitung, ist in diesem Fall untersagt. Außer bei Vorsatz oder grober Fahrlässigkeit schließen wir jegliche Haftung für Verluste oder Schäden aus, die durch Viren befallene Software oder E-Mails verursacht werden.

This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver.
Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.