The European Directive on Electronic Signature must be updated
We must remember that in those years, we used to access the Internet with a browser called Netscape on a computer running Windows 95 and a 28.8 kbit/s modem.
Therefore it’s necessary an update of the Directive that can resolve some of the problems encountered during these years, and adapt it to new needs.
Then I will announce some of the issues that, from my point of view, I consider important, leaving for other posts to develop them:
- CSPs should ensure the provision of on-line (direct or indirect) of reliable data concerning revocation of certificates they issue. This will eliminate the “grace periods” that bring so many problems in generating AdES formats (Advanced Electronic Signatures).
- The Directive should define the Legal Person Seal. Since is not included in the current version, some member states have developed different aproachs. For example, in Spain, there is a “qualified” electronic signature of legal persons (¿?) or, in the field of public administration, the Entity Seal to automatize administrative actions. A Legal Person Seal, which obviously should not be equivalent to a handwritten signature, would allow a good solution for electronic invoicing systems.
- Ensure that the requirement “it is created using means that the signatory can maintain under his sole control” does not prevent the development of centralized signature systems, which consequently, the SSCDs could be deployed in the cloud.