Dual Use Certificate Addendum to the Comodo Certification Practice Statement v.3.0

Transcription

1 Dual Use ertificate Addendum to the omodo ertification Practice Statement v.3.0 omodo A, Ltd. Dual Use ertificate Addendum to Version 3.0 Amendments 13 March rd Floor, ffice Village, Exchange Quay, Trafford Road Salford, Manchester, M5 3EQ, United Kingdom

2 Beginning April 1, 2008, omodo A Ltd. ( omodo ) will offer a new type of certificate called Dual Use ertificates. These certificates are high assurance identification certificates will be issued by omodo and its RA s through the omodo ertificate Manager software to Subscribers. The purpose of this Addendum to the omodo ertification Practice Statement ( APS ) is to amend version 3.0 of the omodo ertification Practice Statement ( PS ) to include information and details on how these certificates will work, the purposes of the new program, and the validation procedures behind the certificates issued using the ertificate Manager. All provisions of the PS not specifically amended or added herein remain in full force and effect and where applicable shall apply to the new product offerings. nly the amended portions in this APS are included herein. Nothing in the PS shall be deemed omitted, deleted or amended unless expressly stated in this APS. Headings from the PS are included to identify the location of the Amended information, and are not intended to be duplicative. 1 General 1.4 ther Practice Statements omodo Dual Use ertificate Subscriber Agreement 1.8 omodo PKI Hierarchy Public omodo Repository Dual Use ertificates UTN-USERFirst-lient Authentication and (serial number = 44 be 0c 8b b4 11 d c9 89, expiry = 09 July :36:58) End Entity (serial number = x, expiry = 1 month or up to 10 year(s) from issuance) 2.4 Types of omodo ertificates e) omodo Dual Use ertificates omodo Dual Use ertificates are high assurance certificates used as and identification certificates that are issued through the ertificate Manager software to the end users of the ertificate Manager subscriber. These certificates are used for secure remote access to the subscriber s computer networks by its employees, agents, and contractors as well as providing these individuals with secure services. In accordance with section (Validation Practices), validation procedures of applicants for omodo Dual Use ertificates are by having the ertificate Applicant appear before an agent of the A, RA, or before a notary public or other official with comparable authority within the Applicant s jurisdiction.

3 2.6 Subscriber Private Key Generation Process omodo Dual Use ertificate requests are generated by omodo on the omodo Servers. The omodo ertificate Manager software generates the private key on behalf of the end user and delivers the private key and certificate to the end user omodo Dual Use ertificates omodo Dual Use ertificates are downloaded by the subscribers from the omodo ertificate Manager Software ertificate Policy (P) omodo Secure Server ertificate Secure ertificate (Free Version) / Secure ertificate (orporate Version) / ustom lient ertificates / omodo TF / Dual Use ertificates Signature Algorithm Sha1 Issuer (option 1) Issuer (option 2) Issuer (option 3) Validity Subject (for Free version) N omodo lass 3 Security Services A U (c) 2002 omodo A Limited U Terms and onditions of use: U omodo Trust Network omodo Limited GB N UTN-USERFirst-lient Authentication and U The USERTRUST Network L Salt Lake ity S UT US N omodo lass 3 Security Services A U (c) 2006 omodo A Limited U Terms and onditions of use: U omodo Trust Network omodo A Limited GB 1 year / 2 year / 3 year E address N ommon Name (name of subscriber) U (c)2003 omodo Limited U Terms and onditions of use:

4 Subject (for orporate version) Subject (for ustom lient. omodo TF version, and Dual Use ertificates) Authority Key Identifier Key Usage (Nonritical) (Free Version nly) Key Usage (Nonritical) (orporate and ustom lient versions) Netscape ertificate Type (orporate Version nly) Netscape ertificate Type (Free and ustom lient versions) Basic onstraint ertificate Policies RL Distribution Policies (nly for certificates issued by omodo lass 3 Security Services A ) U omodo Trust Network - PERSNA NT VALIDATED E address N ommon Name (name of subscriber) U orporate Secure U (0 or 1 Hosted by [Web Host Reseller Subscriber Name] of) Issued through [EPKI Manager Subscriber Name] Provided by [Powered SSL Subscriber Name] rganization U rganization Unit L Locality STREET Street S State Postalode Zip or Postal ode ountry All fields are customizable on a per-certificate basis. KeyID only is specified. Secure ( ) Unknown Key Usage ( ) Secure ( ) lient Authentication ( ) SSL lient Authentication, SMIME (a0) SMIME(20) Subject Type = End Entity Path Length onstraint = None [1] ertificate Policy: PolicyIdentifier = [1,1]Policy Qualifier Info: Policy Qualifier Id = PS Qualifier: [1]RL Distribution Point Distribution Point Name: Full Name: URL=<Primary DP URL> [2]RL Distribution Point Distribution Point Name: Full Name: URL=<Secondary DP URL> [3]RL Distribution Point Distribution Point Name: Full Name: RF822 Name=<RL Request Address>

5 Authority Information Access (omitted when Issuing A is omodo lass 3 Security Services A ) Subject Alternate Name (omitted from ustom lient version) Thumbprint Algorithm [1]Authority Info Access Access Method=ertification Authority Issuer ( ) Alternative Name: URL=<Primary AIA URL> [2]Authority Info Access Access Method=ertification Authority Issuer ( ) Alternative Name: URL=<Secondary AIA URL> RF822 Name = address SHA1 Thumbprint 4.1 ertificate Application Requirements All ertificate applicants must complete the enrolment process, which may include: Generate a RSA key pair and demonstrate to omodo ownership of the private key half of the key pair through the submission of a valid PKS#10 ertificate Signing Request (SR) (or SPKA request for certain omodo TF or Dual Use certificates) Make all reasonable efforts to protect the integrity the private key half of the key pair Submit to omodo a certificate application, including application information as detailed in this PS, a public key half of a key pair, and agree to the terms of the relevant subscriber agreement Provide proof of identity through the submission of official documentation as requested by omodo during the enrolment process omodo Dual Use ertificate End User or Administrator of Subscriber Subscriber omodo omodo Dual Use ertificates Validation procedures of applicants for omodo Dual Use ertificates are performed by omodo or an RA. Authentication is based on the physical presence of the Applicant before an agent of the A or RA or before a notary or other official with comparable authority. The agent, notary, or other official is responsible for checking the identity of the Applicant. An RA may issue the ertificate to its own employees and users if the organization authenticates the employment of the employee and the employee s authorization to obtain a ertificate. Verification by omodo is based on the confirmation of the identity of the Applicant in connection with their Application..

6 5.31 ertificate Insurance Plan omodo Dual Use ertificate $0 $0 Document ontrol This document is the Dual Use ertificate Addendum to omodo PS Version 3.0, created on 25 March 2008 and signed off by the omodo ertificate Policy Authority. omodo A Limited 3rd Floor, ffice Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom URL: legal@comodogroup.com Tel: +44 (0) Fax: +44 (0) opyright Notice opyright omodo A Limited All rights reserved. No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without prior written permission of omodo Limited. Requests for any other permission to reproduce this omodo document (as well as requests for copies from omodo) must be addressed to: omodo A Limited 3rd Floor, ffice Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom