Hello:
I am following up regarding Ryan's comments relating to the DarkMatter external CAs signed by QuoVadis. In short:
* QuoVadis has been transparent with Mozilla regarding these CAs throughout their existence, with the latest discussion occurring in the autumn of 2017 (see below).
* The DarkMatter CAs have continuous WebTrust audit coverage, while initially under our managed operation and subsequently on a standalone basis.
* The DarkMatter CAs are logging all new trusted SSL in CT.
Regards, Stephen
-----Original Message-----
From: Stephen Davidson
Sent: Thursday, October 26, 2017 11:37 AM
To: ge...@mozilla.com; Kathleen Wilson <kwi...@mozilla.com>
Cc: Barry Kilborn <B.Ki...@quovadisglobal.com>; Tony Nagel <T.N...@quovadisglobal.com>
Subject: Moving (root signed) issuing CAs
Hello:
I am writing to provide information on a long-planned project with a QuoVadis client, taking into mind the requirements of Section 8.3 of the Mozilla Root Store Policy.
QuoVadis has worked with DarkMatter for a number of years to build and operate a number of CAs – some of which were root signed by QuoVadis roots and hosted by QuoVadis in our PKI trustcentre.
Those trusted CAs are shown below. DarkMatter has been in control of those CAs, although QuoVadis has conducted its own vetting of SSL domains and organisations in parallel. The CAs have been included in QuoVadis’ own WebTrust.
The plan has always been to eventually relocate those CAs to the UAE, and DarkMatter has built a team and prepared facilities. You probably know their team leader, Scott Rea, from the CABF and elsewhere in the PKI world.
We believe that Dark Matter are now prepared to transition to being a “publicly audited and disclosed” external CA. We have taken great care to adhere to the Mozilla policies in planning this transition. Following the transition, DarkMatter will take control of validation.
To summarise:
* EY formally audited phase 1 of the migration and produced a formal audit report. Phase 1 was just a transfer of some key material (that will be used in Phase 2). The CAs continued to operate in QV Bermuda. DarkMatter CAs were included in the 2016 QuoVadis WebTrust. They will also be named in the 2017 QuoVadis WebTrust.
* DarkMatter have successfully completed a PITA WebTrust (that includes the location where the ICAs will be migrated to).
* Phase 2 of the migration is due to happen soon. This will be formally audited by KPMG (both in Bermuda, CH and UAE) and a report will be produced. We will have our auditors EY on hand too.
* DarkMatter are finalizing their initial period of time WebTrust reports. Note that these ones won’t mention the CAs to be migrated since the initial period ends before the migration will take place.
Going forward, KPMG will conduct – continuous coverage – WebTrust for CAs, WebTrust for BR, and WebTrust for EV audits of the DarkMatter CAs. QuoVadis will continue ongoing monitoring and internal audits of their issuance, per requirements.
We expect the move to occur in the first week of November. We have not been aware of discussion regarding a move such as this involving a trusted issuing CA. We are requesting information on the degree of disclosure you would like regarding this move.
Best regards, Stephen
Background on the CA Certs
In April 2016 we had the first DarkMatter ceremony. These had .ae constraints in them. (They didn’t count as fully technically constrained though.) EY audited fully. These CAs were on the QuoVadis WebTrust 2016 report.
Original Certs

DarkMatter Assured CA
  Serial: 05 a6 22 7d 59 9c 95 fe b5 5a 33 3a 9b 6b 54 13 45 12 db 63
  Valid from: Friday, April 29, 2016 7:53:00 PM
  Valid to: Monday, April 29, 2024 7:53:00 PM
  Issuer: QuoVadis Root CA 3 G3
  SHA-1 thumbprint: 6b 6f a6 5b 1b dc 2a 0f 3a 7e 66 b5 90 f9 32 97 b8 eb 56 b9
  SHA-256 thumbprint: 60 F0 66 DC 78 A4 E2 E9 29 A1 C8 ED 10 2E DB 70 7D F0 31 81 F8 2F DF 50 D5 3A 52 DA C3 55 C6 5B

DarkMatter Secure CA
  Serial: 62 3f 50 d8 3a 11 19 2f 11 16 cc 4b 12 78 5e 12 b0 39 6b 24
  Valid from: Friday, April 29, 2016 7:45:18 PM
  Valid to: Monday, April 29, 2024 7:45:18 PM
  Issuer: QuoVadis Root CA 2 G3
  SHA-1 thumbprint: 6a 2c 69 17 67 c2 f1 99 9b 8c 02 0c ba b4 47 56 a9 9a 0c 41
  SHA-256 thumbprint: A0 19 81 1E 43 69 CA 4C 62 AA A8 0A 15 49 61 3E 60 F6 C5 CE D3 83 AF 9D 79 DF 8F 8F 19 3F 1D FE

DarkMatter High Assurance CA
  Serial: 62 06 5c 48 9e a2 37 c7 c4 0b b7 a3 38 9b 1d 0e b9 b9 a3 58
  Valid from: Friday, April 29, 2016 7:38:11 PM
  Valid to: Monday, April 29, 2024 7:38:11 PM
  Issuer: QuoVadis Root CA 2 G3
  SHA-1 thumbprint: 88 35 43 7d 38 7b bb 1b 58 ff 5a 0f f8 d0 03 d8 fe 04 ae d4
  SHA-256 thumbprint: E0 A6 70 F4 F1 05 7E 91 79 E9 DB 45 E3 33 CE 37 E3 EE 31 C3 49 9F 1C 58 4A 58 7B D9 A5 F5 36 40
Renewed Certs
In April 2017 we renewed these CAs to remove the .ae constraints. These CAs will be in the QuoVadis WebTrust 2017 report (as well as the 2016 CAs).
DarkMatter Assured CA
  Serial: 19 ff 34 56 9d 36 6b a1 f6 6e 8d 95 32 ee 05 d0 55 b9 dd 1d
  Valid to: Saturday, April 19, 2025 3:38:50 PM
  Issuer: QuoVadis Root CA 3 G3
  SHA-1 thumbprint: 9f eb 09 1e 05 3d 1c 45 3c 78 9e 8e 9c 44 6d 31 cb 17 7e d9
  SHA-256 thumbprint: D8 88 8F 4A 84 F7 4C 97 4D FF B5 73 A1 BF 5B BB AC D1 71 3B 90 50 96 F8 EB 01 50 62 BF 39 6C 4D

DarkMatter Secure CA
  Serial: 62 7a 61 b1 0e 7f 5f 27 be 3b eb 5e 94 cf 7f f4 48 de e1 c5
  Valid to: Saturday, April 19, 2025 3:27:31 PM
  Issuer: QuoVadis Root CA 2 G3
  SHA-1 thumbprint: 3a d0 10 24 7a 8f 1e 99 1f 8d de 5d 47 98 9c b5 20 2e 56 14
  SHA-256 thumbprint: A2 5A 19 54 68 19 D0 48 00 0E F9 C6 57 7C 4B CD 8D 21 55 B1 E4 34 6A 45 99 D6 C8 B7 97 99 D4 A1

DarkMatter High Assurance CA
  Serial: 14 ed 7e 90 75 b6 ae 86 8e 1a 3b 02 4f 8a 94 af c8 f5 db ba
  Valid to: Saturday, April 19, 2025 3:20:31 PM
  Issuer: QuoVadis Root CA 2 G3
  SHA-1 thumbprint: d3 fd 32 5d 0f 22 59 f6 93 dd 78 94 30 e3 a9 43 0b b5 9b 98
  SHA-256 thumbprint: 3A E6 99 D9 4E 8F EB DA CB 86 D4 F9 0D 40 90 33 33 47 8E 65 E0 65 5C 43 24 51 19 7E 33 FA 07 F2
-----Original Message-----
From: Gervase Markham [mailto:ge...@mozilla.org]
Sent: Thursday, November 2, 2017 7:12 AM
To: Stephen Davidson <S.Dav...@quovadisglobal.com>; Kathleen Wilson <kwi...@mozilla.com>
Cc: Barry Kilborn <B.Ki...@quovadisglobal.com>; Tony Nagel <T.N...@quovadisglobal.com>
Subject: Re: Moving (root signed) issuing CAs
Hi Stephen,
On 26/10/17 15:36, Stephen Davidson wrote:
> We believe that Dark Matter are now prepared to transition to being a
> “publicly audited and disclosed” external CA. We have taken great
> care to adhere to the Mozilla policies in planning this transition.
> Following the transition, DarkMatter will take control of validation.
Mozilla has concerns about this plan. The name of DarkMatter has been associated with some fairly shady behaviour related to online surveillance and the government of the UAE. With QuoVadis doing parallel validation of domain names for certs they issue, this was not necessarily a concern. But giving them independent issuance capability would be, as there would be no external controls. (QV would of course still be held responsible for any misissuance by DarkMatter, as they would still be a sub-CA of QuoVadis.)
While there are to some degree ecosystem mitigations against misbehaviour such as CT, Firefox does not currently require CT either by policy or code. And when one has control of a country's infra, surgical attacks on individuals are much more possible and much harder to detect.
I note in this connection that Mozilla is pondering, but has not yet implemented, a requirement that unconstrained cross-signs be disclosed in advance for discussion, specifically relating to the trustworthiness or otherwise of the organization to whom certificate issuance authority is being delegated. If we were to have such a requirement, this would fall under it.
I'm sure the issues relating to DarkMatter are not entirely unknown to you. Do you have comments or thoughts on the situation?
Gerv
-----Original Message-----
From: Stephen Davidson
Sent: Friday, November 3, 2017 4:42 AM
To: Gervase Markham <ge...@mozilla.org>; Kathleen Wilson <kwi...@mozilla.com>
Cc: Barry Kilborn <B.Ki...@quovadisglobal.com>; Tony Nagel <T.N...@quovadisglobal.com>
Subject: RE: Moving (root signed) issuing CAs
Hello Gerv:
Thank you for the feedback and clarity regarding Mozilla’s concerns.
We have worked extensively with DarkMatter as well as KPMG (their auditors) and EY (our auditors) to ensure that the appropriate requirements for root signing set by browsers are adhered to, including the BR and WebTrust.
In light of your concerns, we have contractually agreed that every SSL/TLS certificate issued from those DarkMatter trusted CAs will be automatically logged in CT (pre-cert using the native CA functionality). QuoVadis has the rights and duties to audit the DM environment regularly including CA logs (which are tamperproof/digitally signed). In addition to the duties laid out in the BR and Mozilla requirements, with DarkMatter we will implement a mechanism to reconcile weekly that all issued SSL/TLS certs have in fact been CT logged.
I hope this satisfies some of your concerns, and look forward to hearing from you.
Regards, Stephen
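The weekly reconciliation described in the message above, as an added illustration (not QuoVadis or DarkMatter code): the CA's own issuance records are compared against the CT entries a monitor returned for the same issuer, matching on (issuer, serial). The records, field names and serials are constructed sample data; the example also flags the reverse case, a CT entry for the issuer that the CA's records do not contain.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CertRecord:
    issuer: str   # issuing CA common name
    serial: str   # certificate serial in hex, any separator style
    subject: str  # leaf common name, used only in the report


def norm_serial(serial: str) -> str:
    """Normalise 'AA:BB', 'aa bb' and 'aabb' to one comparable form."""
    return serial.replace(":", "").replace(" ", "").lower()


def cert_key(rec: CertRecord) -> tuple:
    # (issuer, serial) is unique per CA, so it identifies one certificate
    return (rec.issuer, norm_serial(rec.serial))


def reconcile(issued, logged):
    """Return (unlogged, unknown): certs the CA issued but CT never saw,
    and certs CT holds for this issuer that the CA has no record of."""
    issued_by_key = {cert_key(r): r for r in issued}
    logged_by_key = {cert_key(r): r for r in logged}
    unlogged = [issued_by_key[k] for k in sorted(issued_by_key.keys() - logged_by_key.keys())]
    unknown = [logged_by_key[k] for k in sorted(logged_by_key.keys() - issued_by_key.keys())]
    return unlogged, unknown


# Constructed sample data: one week of CA issuance records ...
ISSUED = [
    CertRecord("DarkMatter Secure CA", "0a:11", "www.example.ae"),
    CertRecord("DarkMatter Secure CA", "0A:12", "mail.example.ae"),
    CertRecord("DarkMatter Assured CA", "0b:01", "shop.example.ae"),
]
# ... and the CT monitor's view of the same issuers for that week
LOGGED = [
    CertRecord("DarkMatter Secure CA", "0a11", "www.example.ae"),
    CertRecord("DarkMatter Assured CA", "0b01", "shop.example.ae"),
    CertRecord("DarkMatter Secure CA", "0a:99", "login.example.ae"),
]


def weekly_report(issued=ISSUED, logged=LOGGED) -> dict:
    """Summarise both discrepancy classes by subject for the weekly review."""
    unlogged, unknown = reconcile(issued, logged)
    return {"unlogged": [r.subject for r in unlogged],
            "unknown": [r.subject for r in unknown]}
```

Either list being non-empty is a finding: an unlogged certificate breaks the contractual CT promise, and an unknown one means the CA's records do not account for everything signed with its key.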
-----Original Message-----
From: Gervase Markham [mailto:ge...@mozilla.org]
Sent: Friday, November 3, 2017 6:31 AM
To: Stephen Davidson <S.Dav...@quovadisglobal.com>; Kathleen Wilson <kwi...@mozilla.com>
Cc: Barry Kilborn <B.Ki...@quovadisglobal.com>; Tony Nagel <T.N...@quovadisglobal.com>
Subject: Re: Moving (root signed) issuing CAs
Hi Stephen,
On 03/11/17 07:42, Stephen Davidson wrote:
> In light of your concerns, we have contractually agreed that every
> SSL/TLS certificate issued from those DarkMatter trusted CAs will be
> automatically logged in CT (pre-cert using the native CA
> functionality). QuoVadis has the rights and duties to audit the DM
> environment regularly including CA logs (which are
> tamperproof/digitally signed). In addition to the duties laid out in
> the BR and Mozilla requirements, with DarkMatter we will implement a
> mechanism to reconcile weekly that all issued SSL/TLS certs have in
> fact been CT logged.
That sounds positive. Although while you will have a view on all the certificates they issue, presumably the logs do not necessarily record the details of the domain validation done? (Some manual domain validation methods are inherently unloggable in that secure sense anyway.) So if you see a cert for somesite.ae, will you be able to validate whether the owner of somesite.ae is the holder of the private key?
As it happens, perhaps not by coincidence, I got an email from Scott Rea this week announcing his intention to apply for full root inclusion for a hierarchy managed by DarkMatter. So it seems like there will soon be an opportunity for us to discuss DarkMatter in the community even under the existing rules.
Gerv