> I don't want to complicate matters, but I would > like to ask if there is some confirmation about the correctness of the > translation.
We received a paper-based declaration from the translation company stating that "the translated text is in full conformity with the Hungarian original". This declaration is physically attached to the document with some special ribbon led through all of the pages of the translation. Unfortunately, this form of authentication is inherently paper-based, I do not see any sensible way of sending it in an electronic format. However, you may contact the translation company at i...@kfi.hu for a confirmation. We gave them this document to be translated: http://srv.e-szigno.hu/menu/docs/szsz--hsz--altalanos--v1.6.pdf And they provided the above doc file as a translation. > I understand that subscribers have to appear in person at the "service > provider" in order to receive the private key? In case of Class 3 certificates - that includes web server and code signing certificates - the personal meeting at registration is mandatory. If the certificate is issued on a smart card - which is typical in case of certificates for encrypting e-mails - the subject also receives the private key at this point. In case of web server certificates, the keypair is typically generated by the subscriber, and we do not receive the private key, we receive a PKCS#10 request only. > Anyway, how exactly do you verify email addresses and domain names > to be under control by the subscriber? E-mail addresses are verified by sending an e-mail to that address, and the contents of this e-mail are needed at registration. Domain names are verified using the online registry for appropriate domains, e.g. http://www.domain.hu for the .hu top level domains. If the subscriber is not the registered owner of the domain, we request on official letter from the owner confirming that the subscriber is allowed to request the certificate. > The letter claims that the next audit is scheduled for autumn 2008, has > the audit been successfully completed? Yes, the audit has been successfully completed. We have not received an English confirmation letter. We can ask one from the Hungarian National Communications Authority if necessary, but it takes time. > Is there any other reference to the various ETSI CA policy > requirements besides the letter? I don't quite understand what you mean here. ETSI policy documents are referred in our CPSs (e.g. in Section 1.1.5). The ETSI policy documents are also referred in the confirmation letter. Could you be more specific on what you mean? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
