141701 – Add QuoVadis CA Roots, tag for EV SSL

Bug 141701 - Add QuoVadis CA Roots, tag for EV SSL

Summary: Add QuoVadis CA Roots, tag for EV SSL

Status:	RESOLVED FIXED

Alias:	None

Product:	kio
Classification:	Frameworks and Libraries
Component:	kssl (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	George Staikos

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-02-14 21:32 UTC by Stephen Davidson
Modified:	2007-03-07 01:14 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Stephen Davidson 2007-02-14 21:32:20 UTC

Version:            (using KDE KDE 3.5.6)
Installed from:    I Don't Know

QuoVadis is a global commercial certification authority.  The "QuoVadis Root Certification Authority" root is already included in KSSL (it is also widely distributed in other OS/root stores).  Due to expansion of our business, as well as preparation for Extended Validation (EV) SSL, Quovadis has set up two additional roots.  
----
1.  QuoVadis requests that two roots be added to KSSL.  They are:

QuoVadis Root CA 2
Valid From:  Friday, November 24, 2006 2:27:00 PM
Valid To:  Monday, November 24, 2031 2:23:33 PM 
Download:  http://www.quovadis.bm/public/qvrca2.crt
Thumbprint:  ca 3a fb cf 12 40 36 4b 44 b2 16 20 88 80 48 39 19 93 7c f7
Purposes/Usage: ALL
CRL:  http://crl.quovadisglobal.com/qvrca2.crl

QuoVadis Root CA 3
Valid From:  Friday, November 24, 2006 3:11:23 PM
Valid To:  Monday, November 24, 2031 3:06:44 PM
Download:  http://www.quovadis.bm/public/qvrca3.crt
Thumbprint:  1f 49 14 f7 d8 74 95 1d dd ae 02 c0 be fd 3a 2d 82 75 51 85
Purposes/Usage: ALL 
CRL:  http://crl.quovadisglobal.com/qvrca3.crl

2.  When appropriate, QuoVadis requests that our roots be tagged for Extended Validation SSL.  We have completed the WebTrust EV Readiness audit with Ernst & Young.  Specifically, our orginal "QuoVadis Root Certification Authority" and "QuoVadis Root CA 2" should be tagged with our EV OID which is 1.3.6.1.4.1.8024.0.2.100.1.2

Please contact me if you require additional detail.  
Very best, Stephen Davidson, QuoVadis
----
QuoVadis maintains several audits and accreditations of our PKI operations, including:

i. WebTrust for Certification Authorities, conducted by Ernst & Young (Technology and Security Risk Services).  See https://cert.webtrust.org/ViewSeal?id=522.

ii. WebTrust for Extended Validation Certificates readiness review, conducted by Ernst & Young (Technology and Security Risk Services).

iii. Qualified Certification Service Provider (Switzerland) entitled to issue and administer qualified electronic certificates, conducted by KPMG Klynveld Peat Marwick Goerdeler SA for the Swiss regulator SAS.  See http://www.seco.admin.ch/sas/00229/00251/index.html?lang=en.  This includes certification to SR 943.03 (ZertES) and other Swiss laws and regulations, as well as ETSI TS 101.456 (Policy requirements for Digital Certification Authorities issuing Qualified Digital Certificates), ETSI TS 101.856 (Policy requirements for time-stamping authorities), and other standards.

iv. Bermuda Authorised Certification Service Provider, conducted by Ernst & Young for the Bermuda Government.  This “qualified” scheme synthesizes elements of ISO 17799 (Code of Practice for Information Security Management) and the European Electronic Signature Standardisation Initiative, as well as WebTrust for CAs.

Comment 1 George Staikos 2007-03-07 01:14:10 UTC

SVN commit 640146 by staikos:

and some high assurance and regular roots
BUGS: 140249, 141701, 141757


 A             DigiCertAssuredIDRootCA.pem  
 A             DigiCertGlobalRootCA.pem  
 A             DigiCertHighAssuranceEVRootCA.pem  
 M  +166 -0    caroot/ca-bundle.crt  
 A             globalsign-root-r2.pem  
 M  +36 -0     ksslcalist  
 A             qvrca2.pem  
 A             qvrca3.pem