* CRL and OCSP are deployed under this root** Section 4.10.1 of the CPS: The validity of the lists is twenty-five (25) hours or less.** CRL NextUpdate: 25 hours** The root CA uses its OCSP responder, and subordinate CAs also use its responder.*** root: ocsp1.netlock.hu/gold.cgi*** Class B Legal Sub-Certification Authority (Signer Certificates): ocsp1.netlock.hu/cblca.cgi*** Class B Certificate Subauthority (SSL Certificates): ocsp1.netlock.hu/cbca.cgi The OCSP responder on ocsp1.netlock.hu/gold.cgi does not return an ocsp application/response MIME type. I don`t know what it is referring to, but it doesn`t sound like an OCSP answer. > * Test website: www.schalamonek.hu/>> * CRL and OCSP are deployed under this root directory> ** Section CPS 4.10.1: List validity is twenty-five > (25) hours.> ** CRL NextUpdate: 25 hours > ** The root CA uses its OCSP responder and subordinate CAs > also use its responder.> *** root: ocsp1.netlock.hu/gold.cgi> Class B Legal Sub-Authority (Signer Certificates): ocsp1.netlock.hu/cblca.cgi> *** Class B Sub-Certification Authority (SSL Certificates): ocsp1.netlock.hu/cbca.cgi>> * Audit: Netlock`s service for electronic signature certificates is > audited by the Hungarian National Communications Authority (NCA) and> is listed on the NCA website as a qualified service provider. Netlock > is also audited by CERT Hungary, which confirmed that “the new certification body NetLock Arany> (Gold class) FÅtanúsÃtvÁny is operated root> in accordance with the Hungarian Law 35 of 2001 on Electronic Signatures, the> Ministerial Decree on Information and Communication 3/2005 (III. 18.). 3) OCSP TestsThe test website, www.schalamonek.hu/, loads in Firefox without error when OCSP is forced. Its SSL certificate has the extension AIAOCSP: URI: ocsp1.netlock.hu/cbca.cgiOCSP: URI: ocsp2.netlock.hu/cbca.cgiOCSP: URI: ocsp3.netlock.hu/cbca.cgi Varga Viktor à si ã s VevÅszolgÁlati©© VezetÅIT Service and Customers Service ExecutiveNetlock Kft. MD5 hash: 91:98:EB:21:8F:4E:76:97:57:4A:5E:2D:06:A0:11:93 SHA1 hash: 50:A7:D4:CE:89:FF:C0:1F:F1:8C:B6: E9:94:40:9F:88:24:84:02:C1 SHA256 hash:C5:6F:0F:28:66:18:C1:E7:B0:E1:12:C9:7B:9E:E9:6F:EB:4D:71:E7:94:96:C1:51:FA:1F:E8:A8: CE: BD:06:CD The Hungarian Bank of Commerce — is it a private bank? Is it a quasi-governmental organization or a fully commercial operator? It makes a small difference. In the short time I had, I couldn`t read that. I`m using a Mac, and it ruined the DOC thing. I`m sure I could, but.
It is not clear to me what the issue is here. >> Is there a report on any of the above audits? If that CA is >> listed as a QC >> provider and is registered in their government`s >> program, I am not asking for an official report. But I`m interested in reading everything they >> >> have>> Yes, you can check the official list on this page:>> This is for qualified:> webold.nhh.hu/esign/szolgParams/init.do?tipus=mi>> And this for unqualified people:> webold.nhh.hu/esign/szolgParams/init.do?tipus=fb. This is for qualified:webold.nhh.hu/esign/szolgParams/init.do?tipus=mi. > ** The two externally operated certification sub-authorities only issue certificates> their own employees.> *** Both operate a service unit to issue unqualified certificates> signatory employees and encryption certificates.> If I understood correctly, the message I commented on said that an unverified email in the QC was acceptable. I don`t think so. 🙂 >> Under conditions where code signing === QC then it`s OK.>> I`m not sure what the question is here. The query is documented in the following bug: bugzilla.mozilla.org/show_bug.cgi?id=480966 NETLOCK also uses so-called crossover certificates issued by Microsoft Corporation for NETLOCK. MD5 hash: 37:38:F3:C9:23:75:36:07:6A:21:A1:32:12:F1:8E:25 SHA1 hash: 6D:86:DF:CC:BF:19:6B:35:09:05:87:10:3E:34:9D:FC:E3:70:5B:17 SHA256 hash:9E:43:62:A9:18:A8:90:09:87:7C:7B:8B:19:0E:76:3A:E0:12:AD:47:C1:CC:A5:FC:CF:16:6F:C0:92:BC:2A:DE Ah, so I misunderstood. For some reason, I thought that the sub-customs authorities of the banks in question operated independently.
But if they are part of NetLock and operate on behalf of the banks, and as you say, are part of the verification, there is no difference.