> Can anyone familar with national digital signature laws in the EU answer > this question?
Each EU country is different. To acheive accreditation, a CA must typically use a paid independent accreditor licensed by the state in question. Following are two countries most familar to me: In the UK, a voluntary accreditation called T-Scheme (www.tscheme.org/) is used - and this has some sort of cross-relevance in Europe. It emphasizes the EESSI standards, but also has a lot of BS 7799 in it. KPMG and LRQA are the accreditors. In Switzerland (not EU), which recently enacted an electronic signature law, an accredited CA must prove compliance with their national law SR 784.103.1 as well as either ETSI 101.456 or ANSI X9.79. KPMG is currently the only provider of this accreditation service. In short, lots of regulations that look and sound similar - but have important local variations. In fact, the EU recently released a report on e-procurement that stated that the lack of consistent regulation/recognition of CAs was a major hinderance to the creation of community-wide e-government projects. _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
