
Buypass Root Inclusion Request for Renewed Roots


Kathleen Wilson

Apr 9, 2012, 6:40:28 PM
to mozilla-dev-s...@lists.mozilla.org
Buypass has applied to add the “Buypass Class 2 Root CA” and the
“Buypass Class 3 Root CA” root certificates, and to turn on the Websites
trust bit for both. The request is to also enable EV for the new Class 3
root. The “Buypass Class 2 CA 1” and “Buypass Class 3 CA 1” root
certificates are currently included in NSS.

Buypass AS is a public corporation and a leading supplier of secure
solutions for electronic identification, electronic signatures and
payment in the Nordic countries. Buypass solutions are delivered via the
Internet, mobile phones, POS terminals and company internal networks.
Buypass has issued electronic IDs to over 2 million of Norway's
inhabitants. Buypass is registered with the Post and Telecommunications
Authority as the issuer of the qualified ID according to the law on
electronic signature. The company is the market leading ID supplier
within e-Government services in Norway, provides identification services
to all government departments, over 70% of the country’s primary health
care services and the entire customer base of the Norsk Tipping (the
Norwegian national Lottery).

The request is documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=685128

And in the pending certificates list here:
http://www.mozilla.org/projects/security/certs/pending/#Buypass

Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=613401

Noteworthy points:

* The primary documents are the CP and CPS documents, which are provided
in English.

Document Repository:
http://www.buypass.no/bedrift/kundeservice/dokumentasjon/ca-dokumenter-juridisk
Class 2 CP:
http://www.buypass.no/bedrift/kundeservice/dokumentasjon/ca-dokumenter-juridisk/_attachment/8957
Class 2 CPS:
http://www.buypass.no/bedrift/kundeservice/dokumentasjon/ca-dokumenter-juridisk/_attachment/8961
Class 3 CP:
http://www.buypass.no/bedrift/kundeservice/dokumentasjon/ca-dokumenter-juridisk/_attachment/8960
Class 3 CPS:
http://www.buypass.no/bedrift/kundeservice/dokumentasjon/ca-dokumenter-juridisk/_attachment/8963

Both of these roots have internally-operated subordinate CAs
corresponding to the high security services that are offered.
CA Hierarchy: https://bugzilla.mozilla.org/attachment.cgi?id=558776

The request is to turn on the Websites trust bit for both roots.

* Class 2 CP and Class 3 CP section 2.1.1: The CA SHALL warrant that
Subscriber named in the Class 2 SSL Certificate has the right to use the
domain name(s) listed in the Certificate.

* Class 2 CP and Class 3 CP section 4.1.1: The controls and procedures
used to verify the Certificate Application SHALL establish:
- that the Certificate Application is accurate and complete
- that the Subscriber is registered in the Norwegian Central
Coordinating Register for Legal Entities and that Subscriber information
registered conforms with information provided in the Certificate
Application (see section 3.1.1) for Buypass Domain Plus SSL Certificates
- that the Certificate Applicant and Certificate Approver are Authorized
Subscriber Representatives according to the requirements described in
section 3.1.2
- that the Subscriber is a registered holder or has control of the
domain name to be included in the SSL Certificate

The request is to also enable EV for the “Buypass Class 3 Root CA” root
certificate.

* Class 3 CP References: [10] CA/Browser Forum, Guidelines for the
Issuance and Management of Extended Validation Certificates, see
http://www.cabforum.org for current version

* Class 3 CP section 1.1: An EV SSL Certificate Subscriber SHALL be
either a Private Organization or a Government Entity according to the
definitions in the CA/Browser Forum Guidelines [10]. All EV SSL
Certificate Subscribers SHALL be registered in the Norwegian Central
Coordinating Register for Legal Entities.

* Class 3 CP section 3.1.2: The RA SHALL be able to identify Certificate
Applicants, Certificate Approvers, Certificate Managers and Contract
Signers as Authorized Subscriber Representatives;
a) A Contract Signer's Signing Authority SHALL be established through a
Signing Authority Statement. Accepted Signing Authority Statements MAY be:
- information obtained from the Norwegian National Register of Business
Enterprises or the Norwegian Central Coordinating Register for Legal
Entities identifying the Contract Signer as a person that is entitled to
bind the Subscriber organization by signature
- independent confirmation from Applicant (i.e. Subscriber) as defined
by [10]
- accountant letter as defined by [10]
- legal opinion as defined by [10]
- corporate resolution as defined by [10]
b) A Certificate Manager’s SSL Authority SHALL be established through
an SSL Authority Statement. Accepted SSL Authority Statements MAY be:
- statements of Signing Authority as defined in a)
- independent confirmation from a Contract Signer in compliance with the
requirements of [10]
- independent confirmation from Applicant (i.e. Subscriber) as defined
by [10]
- accountant Letter as defined by [10]
- legal opinion as defined by [10]
- corporate resolution as defined by [10]
c) A Certificate Approver's SSL Authority SHALL be established through
an SSL Authority Statement. Accepted SSL Authority Statements MAY be:
- statements of Signing Authority as defined in a)
- independent confirmation from a Contract Signer in compliance with the
requirements of [10]
- independent confirmation from Applicant (i.e. Subscriber) as defined
by [10]
- accountant letter as defined by [10]
- legal opinion as defined by [10]
- corporate resolution as defined by [10]
d) A Certificate Applicant's authority to submit and sign an SSL
Certificate Application SHALL be established through:
- statements of Signing Authority or EV Authority as defined in a) and
b) respectively
- an express authorization statement issued by an authorized Certificate
Approver, Certificate Manager or Contract Signer
e) SSL Authority Statements/Signing Authority Statements SHALL be
verified according to section 4.1.1.
f) The CA and Subscriber MAY enter into a written agreement, signed by a
Contract Signer on behalf of Subscriber, whereby, for a specified term,
Subscriber expressly authorizes one or more Certificate Manager(s)
and/or Certificate Approver(s) designated in such agreement to exercise
SSL Authority with respect to each future Certificate Application
submitted on behalf of Subscriber. The CA/Browser Forum Guidelines [10]
define further requirements in this case.

* Class 3 CP section 4.1.1: For EV Certificates, the contents of the
Subscriber Agreement SHALL comply with the requirements of the
CA/Browser Forum Guidelines [10].

* Class 3 CP section 4.2: The validity period for an EV Certificate
SHALL NOT exceed twenty seven months. The age of validated data to
support issuance of an EV Certificate SHALL NOT exceed thirteen months,
see [10].

* EV Policy OID: 2.16.578.1.26.1.3.3

* Root Cert URLs
http://www.buypass.no/cert/BPClass2RootCA-sha2.cer
http://www.buypass.no/cert/BPClass3RootCA-sha2.cer

* Test Websites
https://valid.domainplus.ca22.ssl.buypass.no/CA2Class2
https://valid.evident.ca23.ssl.buypass.no/CA2Class3

* CRL
http://crl.buypass.no/crl/BPClass2CA2.crl
Class 2 SSL CP Section 4.4.9: The CRL service SHALL at least issue CRLs
every 24 hours and each CRL SHALL have a maximum expiration time of 48
hours.
http://crl.buypass.no/crl/BPClass3CA2.crl
Class 3 SSL CP Section 4.4.9: The CRL service SHALL at least issue CRLs
every 24 hours and each CRL SHALL have a maximum expiration time of 48
hours.

* OCSP
http://ocsp.buypass.no/ocsp/BPClass2CA2
http://ocsp.buypass.no/ocsp/BPClass3CA2
Class 3 SSL CP Section 4.4.11: The OCSP service SHALL be updated at
least every 24 hours, and OCSP responses from this service SHALL have a
maximum expiration time of 48 hours.

* Audit: Annual audits are performed by KPMG according to the WebTrust
CA and WebTrust EV criteria and posted on the webtrust.org website.
https://cert.webtrust.org/ViewSeal?id=1269

* Potentially Problematic Practices – None Noted
(http://wiki.mozilla.org/CA:Problematic_Practices):

This begins the discussion of the request from Buypass to add the
“Buypass Class 2 Root CA” and the “Buypass Class 3 Root CA” root
certificates, and to turn on the Websites trust bit for both. The
request is to also enable EV for the new Class 3 root. At the conclusion
of this discussion I will provide a summary of issues noted and action
items. If there are outstanding issues, then an additional discussion
may be needed as follow-up. If there are no outstanding issues, then I
will recommend approval of this request in the bug.

Kathleen

Erwann Abalea

Apr 10, 2012, 10:08:24 AM
to mozilla-dev-s...@lists.mozilla.org
SHA1withRSA, no random in the serial number or the subject name.

Ben Bucksch

Apr 10, 2012, 2:17:56 PM
to mozilla-dev-s...@lists.mozilla.org
On 10.04.2012 00:40, Kathleen Wilson wrote:
> Buypass has applied to add the ... "Buypass Class 3 Root CA" root
> certificates

lol

John Arild Amdahl Johansen

Apr 10, 2012, 4:31:16 PM
to Erwann Abalea, mozilla-dev-s...@lists.mozilla.org
Hi, my name is John A. Johansen and I will respond to the discussion from our side.

> SHA1withRSA, no random in the serial number or the subject name.

Buypass have used SHA256 as hash algorithm in the new Root CA Certificates and Subordinate CA Certificates, but so far the Subscriber Certificates have been based on SHA1. However, we have recently decided to switch to SHA256 also for Subscriber Certificates. This will be accomplished when we start issuing real Subscriber Certificates under the new roots. The Subscriber Certificates issued so far are for test purposes, e.g. those used in the test websites.

We added random values to the certificate serial number in a release in December 2011. The certificates used in the referred test websites were issued before this change. However, another test website includes a certificate issued in February 2012 and this certificate has random values in the serial number: https://valid.business.ca23.ssl.buypass.no/

Some additional info regarding the info gathering doc provided in the bug:
Unfortunately, due to a "feature" in our Content Management System, all the listed CP/CPS documents in the provided info gathering document are linked to a specific version. The result is that all the CP/CPS links point to the previous versions of the respective documents.
To deal with that, we have set up an English Document Repository page with all the legal SSL documentation listed:
http://www.buypass.com/home/support/ca-documentation-legal
This is more self-explaining than the Norwegian one provided earlier.
The differences compared to the older versions are not many, but it would be most correct to review the newest version.

In addition we have also recently achieved the ETSI 102 042 certification. It might not mean much since we're also holding WebTrust for CA and EV SSL, but anyway. :-)


Tnx,

John Arild A. Johansen
Sikkerhetssjef/CSO
Buypass AS, http://www.buypass.no/

-----Original Message-----
From: dev-security-policy-bounces+john.johansen=buypa...@lists.mozilla.org [mailto:dev-security-policy-bounces+john.johansen=buypa...@lists.mozilla.org] On Behalf Of Erwann Abalea
Sent: 10. april 2012 16:08
To: mozilla-dev-s...@lists.mozilla.org
Subject: Re: Buypass Root Inclusion Request for Renewed Roots

> * Test Websites
> https://valid.domainplus.ca22.ssl.buypass.no/CA2Class2
> https://valid.evident.ca23.ssl.buypass.no/CA2Class3

SHA1withRSA, no random in the serial number or the subject name.

Charles Reiss

Apr 11, 2012, 1:41:52 PM
to mozilla-dev-s...@lists.mozilla.org
[snip]
> * Potentially Problematic Practices – None Noted
> (http://wiki.mozilla.org/CA:Problematic_Practices):

The Class 2 CPS appears to permit certificates to be issued for
"internal" DNS names ("under the pseudo TLD .local is allowed as well as
internal server names"). These do not appear to be limited to subdomains
of domains verifiably controlled by the certificate holder.

John Arild Amdahl Johansen

Apr 12, 2012, 8:51:21 AM
to Charles Reiss, mozilla-dev-s...@lists.mozilla.org
Hi Charles.

> The Class 2 CPS appears to permit certificates to be issued for
> "internal" DNS names ("under the pseudo TLD .local is allowed as well
> as internal server names"). These do not appear to be limited to
> subdomains of domains verifiably controlled by the certificate holder.

We do currently allow non verifiable domain names under the pseudo TLD .local as well as internal server names in order to support the Microsoft Exchange Infrastructure. This is only allowed in our Class 2 OV certificates (SSL Domain Plus).

However, due to our commitment to the Baseline Requirements we will terminate this product in the near future and according to the requirements in Baseline Requirements effective 1 July 2012.

Rgds.,
John

> -----Original Message-----
> From: dev-security-policy-
> bounces+john.johansen=buypa...@lists.mozilla.org [mailto:dev-
> security-policy-bounces+john.johansen=buypa...@lists.mozilla.org] On
> Behalf Of Charles Reiss
> Sent: 11. april 2012 19:42
> To: mozilla-dev-s...@lists.mozilla.org
> Subject: Re: Buypass Root Inclusion Request for Renewed Roots
>
> On 4/9/12 3:40 PM, Kathleen Wilson wrote:
> [snip]
> > * Potentially Problematic Practices - None Noted
> > (http://wiki.mozilla.org/CA:Problematic_Practices):
>
> The Class 2 CPS appears to permit certificates to be issued for
> "internal" DNS names ("under the pseudo TLD .local is allowed as well
> as internal server names"). These do not appear to be limited to
> subdomains of domains verifiably controlled by the certificate holder.
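
The internal-name concern raised in this exchange (names under `.local` and bare internal server names) can be checked mechanically on a certificate's CN/SAN values. The following is an added example, not part of the original thread and not Buypass's own tooling; the function names, the small TLD subset and the sample names are assumptions made for illustration.

```python
import ipaddress

# Assumption: a tiny constructed subset of IANA-delegated TLDs so the example
# runs offline; a real check would load the full IANA Root Zone Database list.
DELEGATED_TLDS = {"com", "org", "net", "no"}


def classify_name(name: str) -> str:
    """Classify one CN/SAN value as 'public', 'internal-name' or 'reserved-ip'."""
    value = name.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback, link-local and reserved ranges cannot be
        # validated as belonging to a single subscriber.
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
            return "reserved-ip"
        return "public"
    if value.startswith("*."):
        value = value[2:]
    labels = value.split(".")
    # Single-label host names ("EXCH01") and names under an undelegated
    # suffix such as .local are not globally unique in public DNS.
    if len(labels) < 2 or labels[-1] not in DELEGATED_TLDS:
        return "internal-name"
    return "public"


def audit_san_list(names):
    """Return {name: classification} for every entry that is not 'public'."""
    findings = {}
    for name in names:
        verdict = classify_name(name)
        if verdict != "public":
            findings[name] = verdict
    return findings


# Constructed SAN list resembling an Exchange deployment (not from the thread).
SAMPLE_SANS = [
    "mail.example.no",
    "autodiscover.example.no",
    "exch01.corp.local",
    "EXCH01",
    "10.0.0.15",
    "*.example.com",
]

if __name__ == "__main__":
    for name, verdict in audit_san_list(SAMPLE_SANS).items():
        print(f"{verdict:14} {name}")
```
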

Kathleen Wilson

Apr 24, 2012, 4:50:42 PM
to mozilla-dev-s...@lists.mozilla.org
On 4/9/12 3:40 PM, Kathleen Wilson wrote:
> Buypass has applied to add the “Buypass Class 2 Root CA” and the
> “Buypass Class 3 Root CA” root certificates, and to turn on the Websites
> trust bit for both. The request is to also enable EV for the new Class 3
> root. The “Buypass Class 2 CA 1” and “Buypass Class 3 CA 1” root
> certificates are currently included in NSS.
>


Thank you to those of you who have reviewed and commented on this
request from BuyPass.

BuyPass provided a link to updated documentation:
http://www.buypass.com/home/support/ca-documentation-legal

In regards to the concern about the end-entity certs using SHA1 and not
having 20 bits of entropy, Buypass responded that as of December they
have added random values in the serial number for new end-entity certs.

In regards to the concern about the Class 2 CPS permitting certificates
to be issued for internal DNS names, BuyPass responded that this is
currently done for compatibility with Microsoft Exchange Infrastructure,
and stated their intent to comply with the CAB Forum Baseline
Requirements by July 1, 2012.

There are no action items resulting from this discussion.

If there are no further comments/questions about this request from
BuyPass, then I will close this discussion and recommend approval in the
bug.

Thanks,
Kathleen


Kathleen Wilson

Apr 26, 2012, 4:41:10 PM
to mozilla-dev-s...@lists.mozilla.org
Thanks again to those of you who have reviewed and commented on this
request.

I am now closing this discussion, and I will post a summary of this
request and my recommendation for approval in the bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=685128

Any further follow-up on this request should be added directly to the bug.

Thanks,
Kathleen