Petition for the friendship of certification centers. Part 2

Hello, Khabrovites!

I want to share one more creepy story related to digital signatures. In the lead roles are the large certification centers Kontur and Tensor.

The previous problem, which arose in May, was on the whole resolved: when I submitted an initiative to the ROI, I did not know that amendments to 63-FZ "On Electronic Signature" would come into force on July 1, 2020, under which the ability to authenticate with a valid certificate from an accredited CA is now enshrined in law.

But technically, applying this law comes with big restrictions, about which the law says nothing.

In particular, if you have an electronic signature certificate on a medium, you can easily use the new edition of FZ-63 and receive an EDS remotely; large CAs have automated services for this task. But if the valid certificate is in the cloud, problems begin.

Today I needed to get a new certificate from the TC of Tensor for a legal entity to work with VLSI. A valid certificate is available only from UC Kontur. It is qualified, though it is not on a separate key but in the cloud, using CryptoPRO DSS technology.

I have a confirmed positive test for COVID, and I am sitting at home in self-isolation until repeated negative tests. That is, there is not even an opportunity to come to the CA in person and verify my identity according to the law, and the only option is remote issuance.

Tensor's technical support said that the only technical way to verify identity with a cloud certificate is to set up work with cloud storage in CryptoPRO 5.0. To do this, you need to know the addresses of the Authorization Server and the DSS servers.

Kontur's technical support refused to disclose these URLs because:

"This is classified information"

" . DSS ."

" DSS ." ( . , ?)

( , 28323177)

QR-, myDSS, DSS : https://mydss.kontur-ca.ru/MyDssServerExternal/InteractionService.svc. . url . , - .

, :

DSS, . , . ( №33489)

"". - (.) (, ). . ( " " ) . :

, .

, 63- .

, :

6.5.1. ( ) ;

6.5.2.

, 3.1.4 34.10-2012, DSS, " (domain parameter): , , ". .. .

:

3.1.19. .

. .1 18 -63 " ". , " ", .

, - 9 ( ), 1000 . , , , , - . . , ?

I also heard the news that from January 1, 2022, CAs will not be able to issue electronic signature certificates to legal entities; these powers will pass to the FTS Certification Center. The fact that CAs have now stopped caring about customer service and technical development looks quite logical. But not to the point of violating the Federal Law.

Please write in the comments what you think about the problem described. I would especially like to see comments here from representatives of Kontur, Tensor, CryptoPRO, the Ministry of Telecom and Mass Communications and the FSB :) And from lawyers who specialize in electronic signature issues.





