Given that TURKTRUST has stated that the "TÜRKTRUST Elektronik Sertifika
Hizmet Sağlayıcısı H5" root is no longer being audited or complying with
new policies, I believe there is consensus that it should be removed from
the Mozilla root store. Kathleen will file a bug for that action.

Ryan suggested that the root also be added to OneCRL. I don't believe that
the current circumstances provide a strong argument for doing this, so
unless there is additional discussion I will not proceed with this proposed
action.

It has been proposed that we modify Mozilla policy to account for a
"wind-down" mode of operations. The counterpoint has been made that a root
hierarchy that is capable of issuance is as much of a risk as a root that
is issuing certificates. In this case the CA has stated that the decision
to suspend audits was based on the cost of those audits. I have doubts that
"wind-down" audits sufficient to address the risks inherent in a
non-issuing CA would be significantly less costly, even if the BRs made
provisions for them. Therefore, the only action I plan to take on this is
to ask the WebTrust Task Force for their opinion on "wind-down" audits, and
also to ask them if it is possible for a CA to obtain a period-of-time
audit for a hierarchy that hasn't issued any certificates in the period. I
will appreciate any additional suggestions that could help to resolve this
issue.

- Wayne
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to