Digital Certificates


QuoVadis Group
Roman Brunner, Group CEO
Update for EUGridPMA – May 12, 2009
QuoVadis Snapshot
• Founded 1999 as Commercial Certification Authority
• Offices in Switzerland, UK, Holland, Bermuda
• Organisations want to “use digital certificates” more than “run their own PKI”
– Complexity of PKI policy and technology can distract from the actual business
• QuoVadis provides turnkey solutions surrounding digital certificates and digital signatures
– Allow the customer to focus on their users and core systems/processes
• Critical mass to provide:
– Specialised registration systems to improve user experience, compliance
– Secure hosting and operations of the PKI
– Support for arcane PKI issues
– Audits and accreditations
– Wide distribution of roots in OS and Browsers
Do It Yourself ?
[Diagram: the tasks involved in running a PKI in-house. Labels include: operational policy and procedures, directory structure, training end-users, audit, registration process, OCSP, training, support, backup systems, implementation plan, smart card issuing, validation process, trust model, Policy Approval Authority, system test, concept of operations, legal liability, hardware, OIDs, CAs, naming convention, business continuity plan, key management, regulatory compliance, firewalls, operations, revocation process, renewal process, Root CA, end-to-end test, archiving, CP & CPS, token management, security organisation, policy and procedures, operations test.]
Service Overview
Digital Certificates
• End User certificates, including Qualified and Advanced certificates, for various uses.
• Functional certificates, including ElDI-V/GeBüV, code signing, gateway, etc.
• SSL including the new Extended Validation SSL.
Managed PKI
• Outsourced certification authorities (CA) that can be tailored to the particular needs of a client or community.
• Rapid-deployment Trust/Link registration authority (RA) web portals for easy issuance for both End User and SSL certificates.
Signing Services
• Trusted time-stamping to reinforce data integrity and non-repudiation in the submission, storage/archive, or tracking of electronic records.
• Digital signing tools (both client and server side).
Root Services
• Root CA hosting for organisations wishing to set up their own trust anchors.
• Root CA signing enhances the trust and recognition of customers’ in-house CAs.
• PKI policy, technologies, and integration into customer environments.
Root Distribution
Browsers
• Microsoft Internet Explorer 5.0+ (including Maxthon and others)
• Mozilla Firefox 1.02+ (including Camino, Fennec, and Sea Monkey)
• Opera 9.26+ (including Opera Mini)
• Safari 1.0+ (including mobile Safari)
• Google Chrome
• Konqueror and K-Meleon
Email Clients
• Apple Mail.app
• Eudora
• Microsoft Entourage
• Microsoft Outlook
• Microsoft Outlook Express
• Mozilla Thunderbird
• Mozilla Sea Monkey
• RIM Blackberry Mail (part of Core Applications)
Operating Systems
• Microsoft Windows XP+
• Apple OS/X+
• RIM Blackberry 4+
• KDE
• Java (in progress)
Other
• Microsoft Office
• Open Office
• Wide array of OSS applications that use the Mozilla NSS libraries 3.9+
• Adobe Acrobat (in progress)
Audits and Accreditations
• QuoVadis seeks accreditations in support of our client needs:
– WebTrust for Certification Authorities
– WebTrust for Extended Validation
– Swiss Qualified Certification Services Provider
– Netherlands Qualified Certification Services Provider
– Bermuda Authorised Certification Services Provider
– Currently obtaining PKI Overheid Accreditation in the Netherlands
QuoVadis Grid CA
• Custom GridCA built for SWITCH in compliance with EUGridPMA standards
– Updates made to QuoVadis CP/CPS
• Evolved from QuoVadis relationship providing SSL to SWITCH institutions using Trust/Link SSL
• Available for other EUGrid members’ use:
– Reduce PKI management burden
– Simple interface for users
– Chained to QuoVadis root for wider “trust” in end user software
EUGridPMA Accreditation
• EUGridPMA team has performed a detailed review and approval of:
– The QuoVadis CP/CPS
– The QuoVadis Grid Issuing CA, End User, Server and CRL certificate profiles
• The repository on the QuoVadis website (http://www.quovadisglobal.com/repository) contains the QuoVadis Grid Issuing CA certificate, the Grid CRL, and the QuoVadis Root Certificates
• Update to CP/CPS will be posted when CA goes into production
• QuoVadis are currently in progress with the TACAR application
• A big thanks to all the EUGridPMA reviewers for all their hard work, time, and input!
Certificate Types
• Grid End User certificates for authentication and secure e-mail
• Grid Server certificates for authentication and secure communication with Grid resources
• Grid members who wish to use the Grid CA would sign up as Participating Institutions/Registration Authorities
– QuoVadis is working with SWITCH to document procedures for RAs
• Certificates will be issued and managed using our Trust/Link web applications:
– Trust/Link For End Users
– Trust/Link For SSL
Example: Trust/Link SSL
• Pre-vetted details allow immediate issuance of SSL
– Templates for consistency
• Separation of institution “accounts”
• Delegated administration, ability to accommodate different approval regimes
• Single login for Subscribers to manage all their SSL
• Custom emails for lifecycle events
• Flexibility for certificate types, use of SANs, etc.
• QuoVadis can provide demonstrations for interested groups
Roman Brunner
[email protected]
+41 71 272 60 60