> Well, I don't get it. Your diagram at > http://srv.e-szigno.hu/menu/index.php?lap=english_ca_hierarchy shows > clearly that you are issuing intermediate CA certificates from the root, > but in the previous comment you claimed that the CA is only allowed to use > * signing qualified end-user certificates and > * signing CRLs. > Does this apply to the intermediate CA certificates but not the CA root?
It applies to the private key used for signing qualified certificates (end-entity certificates issued to natural persons) only, so it does not apply to roots that sign CA certificates. > > We have a root, which does not issue end-user certificates, but issues > > CA certificates for our own CAs only. > Which root is that? I understand there is only one root up for inclusion... We requested the inclusion of one root, 'Microsec e-Szigno Root CA' only. (The root 'e-Szigno OCSP CA' is our OCSP root. The root 'Közigazgatási Gyökér Hitelesítés Szolgáltató' is a Hungarian governmental root operated by the Hungarian government that cross-certififes certain commercial CAs (like Microsec), it does not belong to us. The gray ones below are our test roots for testing purposes, they do not belong to our official system.) > Thanks for that! I still would like to read your CP/CPS in English (even > if only machine translated). Is it somehow possible to facilitate that? We would like to avoid having to translate these documents if possible, as our CPS is over 100 pages long. I doubt that any Hungarian to English machine translation could provide a quality good enough (that allows you to figure out that the original document was in fact a CP/CPS of a CA). If you have trouble feeding the PDF into a machine translator, I can provide our documents in some other format: in TXT or in RTF, etc. Regards, István _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto