Closed Bug 926541 Opened 11 years ago Closed 10 years ago

QuoVadis G3 (SHA256) Root Inclusion Request

Categories

(CA Program :: CA Certificate Root Program, task)


RESOLVED FIXED

People

(Reporter: sdavidson, Assigned: kathleen.a.wilson)

Details

(Whiteboard: EV - Included in FF 32, EV enabled in F34)

Attachments

(4 files, 1 obsolete file)

QuoVadis would like to request inclusion of the following 3 root certificates to the NSS store.  These "G3" (SHA256) certificates should be added to the existing set of QuoVadis roots which are already trusted in NSS.

All 3 roots are used for issuing intermediate certificates which are then used to issue end-entity SSL, end user, and code-signing certificates. Only QuoVadis Root CA 2 G3 issues EV. 

Certificate Name:  QuoVadis Root CA 1 G3
Certificate Signature Algorithm:  sha256RSA
SHA1 Fingerprint: 1b 8e ea 57 96 29 1a c9 39 ea b8 0a 81 1a 73 73 c0 93 79 67
Valid From:  2012-01-12
Valid To:  2042-01-12
http://trust.quovadisglobal.com/qvrca1g3.crt

Certificate Name:  QuoVadis Root CA 2 G3
Certificate Signature Algorithm:  sha256RSA
SHA1 Fingerprint: 09 3c 61 f3 8b 8b dc 7d 55 df 75 38 02 05 00 e1 25 f5 c8 36
Valid From:  2012-01-12
Valid To:  2042-01-12
http://trust.quovadisglobal.com/qvrca2g3.crt
EV OID:  1.3.6.1.4.1.8024.0.2.100.1.2

Certificate Name:  QuoVadis Root CA 3 G3
Certificate Signature Algorithm:  sha256RSA
SHA1 Fingerprint: 48 12 bd 92 3c a8 c4 39 06 e7 30 6d 27 96 e6 a4 cf 22 2e 7d
Valid From:  2012-01-12
Valid To:  2042-01-12
http://trust.quovadisglobal.com/qvrca3g3.crt

The QuoVadis Repository may be found at:  https://www.quovadisglobal.com/QVRepository.aspx

Test certificates may be found at http://www.quovadisglobal.com/QVRepository/TestCertificates.aspx

These 3 roots are included in our WebTrust audits:

WebTrust https://cert.webtrust.org/ViewSeal?id=1503
WebTrust for EV https://cert.webtrust.org/ViewSeal?id=1508
WebTrust for Baseline https://cert.webtrust.org/ViewSeal?id=1520

These 3 new roots have already been distributed in Windows.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
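Added example, not part of this bug or of QuoVadis' own tooling: checks a relying party can run offline against the values listed above (the three SHA1 fingerprints and the RCA2 EV policy OID), using only the Python standard library. It assumes the caller has already fetched a root's DER bytes from the URLs given; the OID encoder/decoder is general DER, not specific to this OID.

```python
import hashlib

# SHA1 fingerprints and EV policy OID exactly as listed in the request above.
LISTED_ROOTS = {
    "QuoVadis Root CA 1 G3": "1b 8e ea 57 96 29 1a c9 39 ea b8 0a 81 1a 73 73 c0 93 79 67",
    "QuoVadis Root CA 2 G3": "09 3c 61 f3 8b 8b dc 7d 55 df 75 38 02 05 00 e1 25 f5 c8 36",
    "QuoVadis Root CA 3 G3": "48 12 bd 92 3c a8 c4 39 06 e7 30 6d 27 96 e6 a4 cf 22 2e 7d",
}
QV_EV_OID = "1.3.6.1.4.1.8024.0.2.100.1.2"  # EV treatment is requested for RCA2 only


def sha1_fingerprint(der: bytes) -> str:
    """SHA1 of the DER certificate, formatted with the spacing used in the bug."""
    digest = hashlib.sha1(der).hexdigest()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _base128(arc: int) -> bytes:
    """One OID arc as DER base-128, high bit set on every byte but the last."""
    out = [arc & 0x7F]
    arc >>= 7
    while arc:
        out.append(0x80 | (arc & 0x7F))
        arc >>= 7
    return bytes(reversed(out))


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID as a complete OBJECT IDENTIFIER TLV (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = _base128(arcs[0] * 40 + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) >= 128:
        raise ValueError("long-form length not needed for policy OIDs; refusing")
    return bytes([0x06, len(body)]) + body


def decode_oid(tlv: bytes) -> str:
    """Inverse of encode_oid; raises ValueError on a malformed or truncated TLV."""
    if len(tlv) < 3 or tlv[0] != 0x06 or tlv[1] != len(tlv) - 2 or tlv[-1] & 0x80:
        raise ValueError("not a well-formed short-form OBJECT IDENTIFIER TLV")
    arcs, acc = [], 0
    for b in tlv[2:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]               # first two arcs are packed as 40*a + b
    lead = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])


def carries_ev_policy(der: bytes) -> bool:
    """Coarse check: the encoded EV policy OID TLV occurs somewhere in the DER."""
    return encode_oid(QV_EV_OID) in der
```

`carries_ev_policy` is a byte-substring check, good for triage only; a full verifier must locate the OID inside the certificatePolicies extension of the leaf and walk the chain to the RCA2 G3 root whose fingerprint matches `LISTED_ROOTS`.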
Attached file test_ev_roots.txt
Attached image QV-EV-Test.png
Attached file Completed CA Information Document (obsolete) —
Thank you for providing all of the information and having fully tested already -- it made my job easy!

I'll try to start the discussion soon.
https://wiki.mozilla.org/CA:Schedule#Queue_for_Public_Discussion
Whiteboard: EV - Information confirmed complete
Attachment #818593 - Attachment is obsolete: true
I am now opening the first public discussion period for this request from QuoVadis to include the “QuoVadis Root CA 1 G3”, “QuoVadis Root CA 2 G3”, and “QuoVadis Root CA 3 G3” root certificates, turn on all three trust bits for the RCA1 and RCA3 root certs, and turn on the websites and code signing trust bits for the RCA2 root cert. The request is to also enable EV treatment for the “QuoVadis Root CA 2 G3” root certificate. These SHA256 root certs will eventually replace the corresponding QuoVadis root certificates that were included in NSS in bugs #238381 and #365281.

For a description of the public discussion phase, see https://wiki.mozilla.org/CA:How_to_apply#Public_discussion

Public discussion will be in the mozilla.dev.security.policy newsgroup and the corresponding dev-security-policy@lists.mozilla.org mailing list.

The discussion thread is called “QuoVadis Request to Include Renewed Roots”.

Please actively review, respond, and contribute to the discussion.

A representative of QuoVadis must promptly respond directly in the discussion thread to all questions that are posted.
Whiteboard: EV - Information confirmed complete → EV - In Public Discussion
The public comment period for this request is now over. 

This request has been evaluated as per Mozilla’s CA Certificate Policy at

http://www.mozilla.org/projects/security/certs/policy/

Here follows a summary of the assessment. If anyone sees any factual errors, please point them out.

To summarize, this assessment is for the request to include the “QuoVadis Root CA 1 G3”, “QuoVadis Root CA 2 G3”, and “QuoVadis Root CA 3 G3” root certificates; turn on all three trust bits for the RCA1 and RCA3 root certs; turn on the websites and code signing trust bits for the RCA2 root cert; and enable EV treatment for the “QuoVadis Root CA 2 G3” root certificate.

Section 4 [Technical]. I am not aware of instances where QuoVadis has knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug.

Section 6 [Relevance and Policy]. QuoVadis appears to provide a service relevant to Mozilla users. It is a commercial CA serving a global client base, active in both the markets for SSL and End User certificates with a focus on digital signatures.  The company is a Qualified Certification Services Provider in Switzerland and Holland, and an issuer in the SuisseID (CH) and PKI Overheid (NL) eID programmes.  QuoVadis serves both enterprises and individuals.

Policies are documented in the documents published on their website and listed in the entry on the pending applications list; the main documents of interest are the CP/CPS, which are in English.

Document Repository: https://www.quovadisglobal.com/QVRepository.aspx

RCA1_RCA3_CPS:
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA1_RCA3_CPCPS_V4_15.ashx

RCA2_CPS:
https://www.quovadisglobal.com/~/media/Files/Repository/QV_RCA2_CPCPS_v1.15.ashx

Section 7 [Validation]. QuoVadis appears to meet the minimum requirements for subscriber verification, as follows:

* SSL: As described in section 10.7 of RCA1_RCA3_CPS, for each domain name listed in a certificate, QuoVadis confirms that the Applicant either is the Domain Name Registrant or has control over the domain. Appendix B of RCA2_CPS states that QuoVadis verifies that the Applicant (or a corporate parent/subsidiary) is a registered holder or has exclusive control of the domain name to be included in the EV Certificate; and verifies the Applicant’s identity, organization, and authority according to the EV Guidelines.

* Email: According to section 4.1.2 of RCA1_RCA3_CPS, QuoVadis takes reasonable measures to verify that the entity submitting the request controls the email account referenced in the Certificate, or has a legal right to request a Certificate including the email address. QuoVadis systems perform a challenge-response procedure by sending an email to the email address to be included in the Certificate. 

* Code: In RCA1_RCA3_CPS the Device certs described in section 10.7 may have the Code Signing EKU. RCA1_RCA3_CPS section 10.7 says: Before issuing a Device Certificate, QuoVadis performs procedures to verify that all Subject information in the Certificate is correct, and that the Applicant is authorised to use the domain name and/or Organisation name to be included in the Certificate, and has accepted a Certificate Holder Agreement for the requested Certificate. Appendix B of RCA2_CPS outlines the steps taken to verify that all Subject information in the Certificate is correct, and that the Applicant is authorised to sign code in the name to be included in the Certificate.

Section 18 [Certificate Hierarchy]. The hierarchy under the new (G3) roots will be very similar to the hierarchy of the current (G1) roots.  CA Hierarchy diagrams are provided in section 1.3 of RCA1_RCA3_CPS and RCA2_CPS.
* RCA1 and RCA3 share a CP/CPS (RCA1_RCA3_CPS) and are both allowed to have externally operated subCAs from a policy perspective. However, QuoVadis concentrates all external subCAs under the RCA3 hierarchy.  Both RCA1 and RCA2 are reserved solely for QuoVadis operated subCAs.
-  G3 Roots (i.e. the new roots):  Currently the new roots do not have external subCAs. Any third-party SubCAs added to the G3 hierarchy will comply with Section 9 of the Mozilla CA Inclusion Policy from inception.
- G1 Roots (i.e. the old roots):  Previously, third-party subCAs have been overseen via contractual controls or technical monitoring, supported by internal audit.  QuoVadis is completing the process of transitioning these clients to either technical controls (nameConstraints) or audit with public disclosure as specified in Section 9 of the Mozilla CA Inclusion Policy. 

* EV Policy OID: 1.3.6.1.4.1.8024.0.2.100.1.2
** EV treatment is only requested for RCA2.

* CRL 
http://crl.quovadisglobal.com/qvrca1g3.crl
http://crl.quovadisglobal.com/qvrca2g3.crl
http://crl.quovadisglobal.com/qvrca3g3.crl

* OCSP
http://ocsp.quovadisglobal.com

Sections 11-14 [Audit].  Annual audits are performed by Ernst & Young according to the WebTrust criteria.
WebTrust for CAs:  https://cert.webtrust.org/SealFile?seal=1503&file=pdf  
WebTrust for EV:  https://cert.webtrust.org/SealFile?seal=1508&file=pdf 
WebTrust for BRs:  https://cert.webtrust.org/SealFile?seal=1520&file=pdf 
Ernst & Young auditors were present for the creation ceremony for the G3 Roots.

Based on this assessment I intend to approve this request to include the “QuoVadis Root CA 1 G3”, “QuoVadis Root CA 2 G3”, and “QuoVadis Root CA 3 G3” root certificates; turn on all three trust bits for the RCA1 and RCA3 root certs; turn on the websites and code signing trust bits for the RCA2 root cert; and enable EV treatment for the “QuoVadis Root CA 2 G3” root certificate.
Whiteboard: EV - In Public Discussion → EV - Pending approval
As per the summary in Comment #7, and on behalf of Mozilla I approve this request from QuoVadis to include the following root certificates:

** “QuoVadis Root CA 1 G3” (websites, email, code signing)
** “QuoVadis Root CA 2 G3” (websites, code signing), enable EV
** “QuoVadis Root CA 3 G3” (websites, email, code signing)

I will file the NSS and PSM bugs for the approved changes.
Whiteboard: EV - Pending approval → EV - Approved - awaiting NSS and PSM changes
Depends on: 1021054
Depends on: 1021106
I have filed bug #1021054 against NSS and bug #1021106 against PSM for the actual changes.
Whiteboard: EV - Approved - awaiting NSS and PSM changes → EV - Approved - Included in FF 32, awaiting PSM changes
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: EV - Approved - Included in FF 32, awaiting PSM changes → EV - Included in FF 32, EV enabled in F34
Product: mozilla.org → NSS
Product: NSS → CA Program