Ian, > Hmmm... last I heard, qualified certificates can only be issued to > individuals, and invoicing (of the e-form that the regulations speak) > can only be done by VAT-registered companies.
True. > Is that not the case? How is Germany resolving the contradictions? By using pseudonyms within the certificate's common name. This is not only done in Germany but in other countries as well. Even CAs (and, at least in Germany, the root CA) are being issued qualified certificates, thus they need to use pseudonyms. The timestamping service by Deutsche Post, e.g., has a qualified certificate with the following DN: Subject DN : CN = TSS DP Com 31:PN OU = Signtrust O = Deutsche Post Com GmbH C = DE >> Since electronic invoices need to be archived in >> most countries some vendors apply time-stamps and >> recommend to re-apply time-stamps from time to time. > > > Easier to invoice with paper! potentially much more expensive, though. Cheers, Stefan. -------------------------------------------------------- T.I.S.P. - Lassen Sie Ihre Qualifikation zertifizieren vom 25.-30.06.2007 - http://www.secorvo.de/college/tisp/ -------------------------------------------------------- Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. +49 721 255171-304, Fax +49 721 255171-100 [EMAIL PROTECTED], http://www.secorvo.de/ PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]