There are a lot of standards in PKI and those change relatively often so keeping track of these updates is quite difficult. This article is about a version update of an ETSI standard. More precisely about the ETSI TS 102 941 standard version update from 1.3.1 to 1.4.1. At first, we take a brief look at what ETSI TS 102 941 is all about, then go through the differences between the two versions. In conclusion, we will discuss how these changes affect Microsec V2X PKI and how we have handled and usually handle these and other changes in such standards. So, let’s get started.
With one sentence, the ETSI TS 102 941 standard describes how trust and privacy can be managed in ITS (Intelligent Transport System) communications. To go in a little more in the details, this standard relies on two other standards. One standard is the ETSI TS 102 731, which defines ITS security services. The other one is the ETSI TS 102 940 standard, which declares and describes the ITS’s security architecture. The ETSI TS 102 941 uses certain services of the first mentioned standard and the other one forms the basis of this standard for requesting a secure certificate. It tells how one should use the security services in communication with the PKI and how one can obtain certificates. It defines how, when, which one and which way should one use these services during this communication. It precisely defines what parameters should a message contain, which ETSI data structures should be used and how. The standard also goes into details about what message sequences should an ITS-S go through in the initialization phase to achieve an ITS secured message with which can communicate with other ITS-S. For example, what message sequences must be executed for an ITS-S to receive an AT (Authorization Ticket). And at the end, it describes how should the CTL (Certificate Trust List) can be handled by the TLM (Trust List Manager) and RCA (Root Certificate Authority). In summary, this standard is about all the communication between end entities and the PKI in the ITS and how it can be done securely.
There are two more significant changes in the new version. The first one is about how the TLM should handle the CTL. They introduce new cases in the specification and specify what should be done regarding those. The second one is that they have defined a new message form for re-keying an RCA or TLM certificate. In case of re-keying the RCA or TLM certificate, one should send a Link Certificate Message beside the new re-keyed certificate. This Link Certificate Message is a composite message containing the new certificate's ID and signed with the old certificate. This signed message is signed again but now with the new certificate, so it becomes a double signed message and can be sent with the re-keyed certificate.
In the V2X PKI, these changes only apply to the higher-level entities in the hierarchy, for example TLM or RCA providers like Microsec. These changes do not directly affect vehicles only in that they also use this CTL and are informed of the new certificates from here.
Microsec, as the Root CA, as with all other relevant standards, handles this and has immediately made the necessary changes to the version update, thus providing users with up-to-date services in this regard.
© 2021 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41