All, This email commences a six-week public discussion of Microsec’s request to include the following certificate as publicly trusted root certificates in one or more CCADB Root Store programs. This discussion period is scheduled to close on December 19, 2025.
The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store. Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of Microsec Ltd. must promptly respond directly in the discussion thread to all questions posted. CCADB Case Number: 00001692 <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001692> Organization Background Information (listed in CCADB): - CA Owner Name: Microsec Ltd. - Website: https://e-szigno.hu/en/ - Address: Ángel Sanz Briz út 13. Graphisoft Park Southern Area, Building C Budapest, H-1033 Hungary - Problem Reporting Mechanisms: [email protected], https://e-szigno.hu/security-events-report - Organization Type: Private Corporation - Repository URL: https://e-szigno.hu/documents-and-policies Certificates Requesting Inclusion: e-Szigno TLS Root CA 2023 (requesting inclusion into three root stores) - Certificate links: (CA Repository <https://www.e-szigno.hu/tlsrootca2023.crt> / crt.sh <https://crt.sh/?q=B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4> ) - SHA-256 Certificate Fingerprint: B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4 - Intended use cases served/EKUs: - Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 - Client Authentication 1.3.6.1.5.5.7.3.2 - Test websites: - Valid: https://eqtlsca2023-valid.e-szigno.hu - Revoked: https://eqtlsca2023-revoked.e-szigno.hu/ - Expired: https://eqtlsca2023-expired.e-szigno.hu - DV Automation: None - OV Automation: None - EV Automation: None Existing Publicly Trusted Root CAs from Microsec: Microsec e-Szigno Root CA 2009: - Certificate links: (CA Repository <http://www.e-szigno.hu/rootca2009.crt> / crt.sh <https://crt.sh/?q=3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378> ) - SHA-256 Certificate Fingerprint: 3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378 - Trust Bits/EKUs: Client Authentication;Code Signing;Secure Email;Server Authentication;Encrypting File System;Time Stamping;IP Security Tunnel Termination;IP Security User - Included in: Apple, Google Chrome, Microsoft, Mozilla - Certificate corpus: here <https://search.censys.io/search?resource=certificates&q=3C5F81FEA5FAB82C64BFA2EAECAFCDE8E077FC8620A7CAE537163DF36EDBF378+and+labels%3Dever-trusted> (Censys login required) e-Szigno Root CA 2017: - Certificate links: (CA Repository <https://www.e-szigno.hu/rootca2017.crt> / crt.sh <https://crt.sh/?q=BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99> ) - SHA-256 Certificate Fingerprint: BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99 - Trust Bits/EKUs: Client Authentication;Code Signing;Document Signing;Secure Email;Server Authentication;Time Stamping - Included in: Google Chrome, Microsoft, Mozilla - Certificate corpus: here <https://search.censys.io/search?resource=certificates&q=BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99+and+labels%3Dever-trusted> (Censys login required) e-Szigno TLS Root CA 2023: - Certificate links: (CA Repository <https://www.e-szigno.hu/tlsrootca2023.crt> / crt.sh <https://crt.sh/?q=B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4> ) - SHA-256 Certificate Fingerprint: B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4 - Trust Bits/EKUs: Client Authentication;Server Authentication - Included in: Microsoft - Certificate corpus: here <https://search.censys.io/search?resource=certificates&q=B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4+and+labels%3Dever-trusted> (Censys login required) Relevant Policy and Practices Documentation: - Document Repository: https://e-szigno.hu/documents-and-policies - Markdown/AsciiDoc CP/CPS: https://github.com/microsec/regulations - CP: https://e-szigno.hu/docs/latest-regulation/eidas_hr_all_all/eng - CPS: https://e-szigno.hu/docs/latest-regulation/eidas_szsz_all_all/eng Most Recent Self-Assessment: - https://docs.google.com/spreadsheets/d/1FB1yKjnLeuX7O-8k6Fj199aNT_xA3anGySqNiLPTXDs/edit?gid=2064058180#gid=2064058180 Audit Statements: - Auditor: Hunguard - Audit Criteria: ETSI EN 319 411 - Recent Audit Statement(s): - Root Key Generation <https://bugzilla.mozilla.org/attachment.cgi?id=9371119> (June 7, 2023) - Standard Audit <https://www.hunguard.hu/wp-content/uploads/2024/11/Attestation_letter_010_standard_v10_ds.pdf> (Period: September 10, 2023 - September 9, 2024) - TLS BR Audit <https://www.hunguard.hu/wp-content/uploads/2024/11/Attestation_letter_010_TLS-BR_v10_ds.pdf> (Period: September 10, 2023 - September 9, 2024) - TLS EVG Audit <https://www.hunguard.hu/wp-content/uploads/2024/11/Attestation_letter_010_TLS-EV_v10_ds.pdf> (Period: September 10, 2023 - September 9, 2024) Incident Summary (Bugzilla incidents from previous 24 months): - 1865880 <https://bugzilla.mozilla.org/show_bug.cgi?id=1865880>: Microsec: Findings in 2023 Audit - 1886257 <https://bugzilla.mozilla.org/show_bug.cgi?id=1886257>: Microsec: Misissuance an EV TLS certificate without CPSuri - 1886998 <https://bugzilla.mozilla.org/show_bug.cgi?id=1886998>: Microsec: Late response to a CPR - 1887110 <https://bugzilla.mozilla.org/show_bug.cgi?id=1887110>: Microsec: Delayed revocation of the misissued certificates - 1889699 <https://bugzilla.mozilla.org/show_bug.cgi?id=1889699>: Microsec: Disallowed subject attribute field in DV certificate - 1925239 <https://bugzilla.mozilla.org/show_bug.cgi?id=1925239>: Microsec: Expired Certificates on test Pages for Revocation - 1952519 <https://bugzilla.mozilla.org/show_bug.cgi?id=1952519>: Microsec: Inconsistent Disclosure of S/MIME BR Audit Information in CCADB Thank you -Chris, on behalf of the CCADB Steering Committee -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mD7n8cZpmTDWf%3DVQHJ1z5OjZO8TD7AWaLXOAMZ5T41idA%40mail.gmail.com.
