Given that TURKTRUST has stated that the "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" root is no longer being audited or complying with new policies, I believe there is consensus that it should be removed from the Mozilla root store. Kathleen will file a bug for that action.
Ryan suggested that the root also be added to OneCRL. I don't believe that the current circumstances provide a strong argument for doing this, so unless there is additional discussion I will not proceed with this proposed action. It has been proposed that we modify Mozilla policy to account for a "wind-down" mode of operations. The counterpoint has been made that a root hierarchy that is capable of issuance is as much of a risk as a root that is issuing certificates. In this case the CA has stated that the decision to suspend audits was based on the cost of those audits. I have doubts that "wind-down" audits sufficient to address the risks inherent in a non-issuing CA would be significantly less costly, even if the BRs made provisions for them. Therefore, the only action I plan to take on this is to ask the WebTrust Task Force for their opinion on "wind-down" audits, and also to ask them if it is possible for a CA to obtain a period-of-time audit for a hierarchy that hasn't issued any certificates in the period. I will appreciate any additional suggestions that could help to resolve this issue. - Wayne _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

