Nicholas, >> Stefan is talking about Germany > > I realise that, but he said "Europe", so I felt a UK counter-example was > in order!
Point taken. :) However, there are other countries w/ similar rules. >> Qualified certificates are defined in the European Digital Signature >> Directive, which is an over-arching design for all the EU countries to >> pass into local law. >> >> Basically, they are personal smart cards operating under (harsh and >> uneconomic) secure conditions, because they really tried hard to make >> the results like human signatures. > > As I read it, the cards are the so-called "secure signature creation > devices", while the certificates are, well, just certificates. Yep. >>> I received and continue to receive electronic invoices from time to >>> time, but none appear to be digitally signed, nor have I seen evidence >>> of time-stamping in operation. >> >> UK probably ignored the whole thing. More power to them. Under Anglo >> common law this is not an issue, as long as there is a lightweight >> digsig model "shall not be denied legal standing solely on the basis >> that it is a digsig." > > Well, we implemented the Directive, which didn't require much change to > the law, as you note. But there has been little take-up for a solution > in search of a problem. There's another EU Diretive on "simplifying, modernising and harmonising the conditions laid down for invoicing in respect of value added tax". Invoices sent by electronic means shall be accepted by Member States provided that the authenticity of the origin and integrity of the contents are guaranteed: - by means of an advanced electronic signature within the meaning of Article 2(2) of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures; Member States may however ask for the advanced electronic signature to be based on a qualified certificate and created by a secure-signature- creation device, within the meaning of Article 2(6) and (10) of the aforementioned Directive;" That's the one I was talking about earlier. eInvoicing slowly seems to take off in a few european countries. I have no idea as to how this Directive has been transposed into UK law, though. Cheers, Stefan. -------------------------------------------------------- T.I.S.P. - Lassen Sie Ihre Qualifikation zertifizieren vom 25.-30.06.2007 - http://www.secorvo.de/college/tisp/ -------------------------------------------------------- Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. +49 721 255171-304, Fax +49 721 255171-100 [EMAIL PROTECTED], http://www.secorvo.de/ PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]