1

A qualified trust service provider under eIDAS uses ESSCertIDv2 for their time stamp tokens, but ESSCertIDv2 was not present in the RFC 3161 specification, it was added later in RFC 5816.

RFC 3161 in 2.4.2 requires ESSCertID:

The certificate identifier (ESSCertID) of the TSA certificate MUST be included as a signerInfo attribute inside a SigningCertificate attribute.

Can a token that uses ESSCertIDv2 instead of ESSCertID be a valid RFC 3161 time stamp token?

Can it be used as a qualified time stamp under eIDAS?

Community
  • 1
Victor
  • 373
  • 1
  • 10

1 Answers1

0

Can a token that uses ESSCertIDv2 instead of ESSCertID be a valid RFC 3161 time stamp token?

Yes. As per ยง2.1 of RFC 5816, "[i]f the certReq field is present and set to true, the TSA's public key certificate that is referenced by the ESSCertID [ESS] field ... or by the ESSCertIDv2 [ESSV2] field ... MUST be provided by the TSA ..."

Can it be used as a qualified time stamp under eIDAS?

Hmm, yes obviously. (Hope I haven't misunderstood the question.)

Taiki
  • 101
  • 2