Closed Bug 252610 Opened 19 years ago Closed 17 years ago

Add a.trust CA Certificate to builtin certificates

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 373746

People

(Reporter: sabet, Assigned: hecker)

References

(
URL
)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
Build Identifier: 

we at a.trust get a lot of requests from our customers, why our CA Certificate 
ist only included in MS Internet Explorer.

a.trust (founded in February 17, 2000) ist the only accredited TrustCenter in 
Austria issuing smartcard based qualified certificates for Austrian citizen 
used in eGovernment, etc.

In March 11, 2002 A-Trust has been accredited according to § 17 of the 
Austrian Signature Law by Telekom-Control-Kommission, the Austrian supervisory 
body.

A-Trust’s product range comprises user certificates, developer certificates 
and corporate certificates as well as consultation services and support with 
the development of e commerce and signature applications in accordance with 
the Directive 1999/93/EC.

OCSP : http://ocsp.a-trust.at
CPS: http://www.a-trust.at/docs/cps/a-sign-Premium/a-sign-premium.pdf
Audit: Telekom Control Commission
       http://www.signatur.rtr.at/en/providers/providers/atrust.html
       http://www.signatur.rtr.at/en/providers/services/atrust-asign-
premium.html

Certificate: http://www.a-trust.at/certs/A-Trust-Qual-01a.crt
             http://www.a-trust.at/certs/A-Trust-nQual-01a.crt
CRL: ldap://ldap.a-trust.at/ou=A-Trust-Qual-01,o=A-Trust,c=AT?
certificateRevocationList;binary?
     ldap://ldap.a-trust.at/ou=A-Trust-nQual-01,o=A-Trust,c=AT?
certificateRevocationList;binary?

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Well in the meantime we issued new certificates:

with longer validity (until 2014) and UTF-8 encoding.

All new certificates will be issued using only:
http://www.a-trust.at/certs/A-Trust-Qual-02a.crt

The certificates have been reissued based on the same key for validation 
purposes.
http://www.a-trust.at/certs/A-Trust-Qual-01a.crt
http://www.a-trust.at/certs/A-Trust-nQual-01a.crt

The new CRL-Distribution-Points:
ldap://ldap.a-trust.at/ou=A-Trust-Qual-02,o=A-Trust,c=AT?
certificaterevocationlist?base?objectclass=eidCertificationAuthority
ldap://ldap.a-trust.at/ou=A-Trust-Qual-01,o=A-Trust,c=AT?
certificaterevocationlist?base?objectclass=eidCertificationAuthority
ldap://ldap.a-trust.at/ou=A-Trust-nQual-01,o=A-Trust,c=AT?
certificaterevocationlist?base?objectclass=eidCertificationAuthority

regards,
   Ramin
My apologies for the delay in answering you. As I recall, the issue is how your
CA has been audited, and whether the Austrian accreditation is sufficient for
our purposes. As a first step, could you tell me if or how this relates to ETSI
TS 101.456? (This has been proposed as a criteria we could use for how CAs
operate, similar to WebTrust and ANSI X9.79.)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
The chain of Trust we are refering to is the following:

according to the Austrian supervisory authority Telekom-Control-Kommission 
a.trust is a accredited Trustcenter:
http://signatur.rtr.at/en/providers/providers/atrust.html


According to the European Signature Directive:
http://europa.eu.int/information_society/eeurope/2005/all_about/security/esigna
tures/index_en.htm in Austria the Telekom-Control-Kommission is responsible 
for Accreditation and supervision.


Our Policy http://www.a-trust.at/docs/cp/a-sign-premium/a-sign-premium.pdf 
confirms the compliance with ETSI TS 101 456 (Page 4)
Status: ASSIGNED → NEW
Long time since we received the last answer, is there anything else we can provide ?

regards
   Ramin
QA Contact: ca-certificates
Priority: -- → P2
This document is now a "404 Not Found":
http://www.a-trust.at/docs/cp/a-sign-premium/a-sign-premium.pdf 

Given the age of this request and the fact that some parts of the information provided are out of date, it would help us if you were to restate the request.

Please provide the following data in the following format, as a *plain text comment* in this bug. This will help me do whatever evaluation is necessary, and then will be part of a public record describing the Mozilla default root certificates.

CA Details
----------

CA Name:
Website:
One Paragraph Summary of CA, including the following:
 - General nature (e.g., commercial, government, academic/research, nonprofit)
 - Primary geographical area(s) served
 - Number and type of subordinate CAs
Audit Type (WebTrust, ETSI etc.):
Auditor:
Auditor Website:
Audit Document URL(s):
  
Certificate Details
-------------------
(To be completed once for each certificate)
  
Certificate Name:
Summary Paragraph, including the following:
 - End entity certificate issuance policy
Certificate HTTP URL (on CA website):
Version:
SHA1 Fingerprint:
MD5 Fingerprint:
Modulus Length (a.k.a. "key length"):
Valid From (YYYY-MM-DD):
Valid To (YYYY-MM-DD):
CRL HTTP URL:
OCSP URL:
Class (domain-validated, identity-validated or EV):
Certificate Policy URL:
CPS URL:
Requested Trust Indicators (email and/or SSL and/or code):

Thanks for your help in this matter. :-)

Gerv
as requested a new bug has been reported:
https://bugzilla.mozilla.org/show_bug.cgi?id=373746
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Blocks: 373746
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.