Commit 7b9dfcf5 authored by Sammy Haddad's avatar Sammy Haddad
Browse files

Merge branch 'patch-1' into 'main' 

Update by Giulio Di Clemente:

See merge request cyber/stan4cr2/en-304-624!9
parents 0f91fb28 7fcb7085

EN-304-624.md

+4 −4
Original line number Diff line number Diff line
@@ -136,7 +136,7 @@ The present document has been prepared under the Commission's standardisation re 
Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in table […] confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.



# Modal verbs terminology

In the present document "**should** ", "**should not** ", "**may** ", "**need not** ", "**will** ", "**will not** ", "**can** " and "**cannot** " are to be interpreted as described in clause 3.2 of the [ETSI Drafting Rules](https://portal.etsi.org/Services/editHelp/How-to-start/ETSI-Drafting-Rules) (Verbal forms for the expression of provisions).

In the present document "**should** ", "**should not** ", "**may** ", "**need not** ", "**shall** ", "**shall not** ", "**can** " and "**cannot** " are to be interpreted as described in clause 3.2 of the [ETSI Drafting Rules](https://portal.etsi.org/Services/editHelp/How-to-start/ETSI-Drafting-Rules) (Verbal forms for the expression of provisions).



"**must** " and "**must not** " are **NOT** allowed in ETSI deliverables except when used in direct citation.
@@ -231,7 +231,7 @@ For the purposes of the present document, the [following] abbreviations apply: 
|EC|Enrolment Credential (similar to LTC)|

|HSM|Hardware Security Module|

|ITS|Intelligent Transport System|

|MA|Misbehaviour Authority|

|MA|Misbehaviour Authority| #unsure whether this is the correct term (GDC)

|OCSP|Online Certificate Status Protocol|

|PKC|Public Key Certificate|

|PKI|Public Key Infrastructure|
@@ -331,7 +331,7 @@ The enterprise shall have a production system for issuing certificates and can b 


The PKI software shall be deployed on servers within the enterprise's server rooms or data centre, or on a platform hosted by the enterprise's cloud service provider.   



NOTE 1:	PKI-as-a-service and software-as-a-service are out of scope of the present document.

NOTE 1:	PKI-as-a-service and software-as-a-service are out of scope of the present document. #(GDC) This has already been said in the Scope section; no need to repeat.



If the certificate generation service in the production system uses a secure cryptographic device to manage the CA keys, this can be a physical device located in the enterprise's data centre or a virtual device hosted by the enterprise's cloud service provider.
@@ -810,7 +810,7 @@ The large enterprise or public CA shall have a production system for issuing cer 


The PKI software shall typically be deployed on servers within the CA's data centre, but less critical component services can be deployed on a platform hosted by a cloud service provider. 



NOTE 1: PKI-as-a-service and software-as-a-service are out of scope of the present document.

NOTE 1: PKI-as-a-service and software-as-a-service are out of scope of the present document. # (GDC) This note is redundant



The certificate generation service in the production system shall use a secure cryptographic device to manage the CA keys and, if required, generate subject keys. This shall likely be a physical device located in the enterprise's data centre.