All, This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process ( https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for e-Tuğra’s inclusion request (Bug # 1628720 <https://bugzilla.mozilla.org/show_bug.cgi?id=1628720>, CCADB Case # 576 <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000576>) for the following two (2) root CA certificates:
*E-Tugra Global Root CA RSA v3* https://crt.sh/?sha256=EF66B0B10A3CDB9F2E3648C76BD2AF18EAD2BFE6F117655E28C4060DA1A3F4C2 http://rep.e-tugra.com/crt/etugra_v3gr_root.crt *E-Tugra Global Root CA ECC v3* https://crt.sh/?sha256=873F4685FA7F563625252E6D36BCD7F16FC24951F264E47E1B954F4908CDCA13 http://rep.e-tugra.com/crt/etugra_v3ge_root.crt Mozilla is considering approving e-Tuğra’s request to add these roots as trust anchors with the websites trust bit and to EV-enable them. *Repository:* The e-Tuğra document repository is located here: https://e-tugra.com.tr/en/certificate-policy-and-practice-statement/ *Relevant Policy and Practices Documentation: * Certificate Policy, v. 6.2, dated March 16, 2022 https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CP_v6_2.pdf Certification Practices Statement, v. 6.2, dated March 16, 2022 https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CPS_v6_2.pdf *Self-Assessments and Mozilla CPS Reviews* are located as attachments in Bug # 1628720 <https://bugzilla.mozilla.org/show_bug.cgi?id=1628720>. *Audits:* Annual audits have been performed by LSTI under the ETSI audit scheme. The most recent audit was completed for the period ending July 24, 2021. See https://www.lsti-certification.fr/wp-content/uploads/2021/10/E-TUGRA-%E2%80%93-1646-220-AL-V1.1_S.pdf *Incidents* e-Tuğra has no open incidents in Bugzilla. In the past 12 months, there were two (2) incidents involving e-Tuğra, which are now closed: 1716843 <https://bugzilla.mozilla.org/show_bug.cgi?id=1716843> - CA Certificate Missing from Audit Reports (CA revoked January 2022) 1716902 <https://bugzilla.mozilla.org/show_bug.cgi?id=1716902> - e-Tuğra CPS stated it used an outdated domain validation method based on BR section 3.2.2.4.6 I have no further questions or concerns about e-Tuğra’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of e-Tuğra must promptly respond directly in the discussion thread to all questions that are posted. This email begins the 3-week comment period, which I’m scheduling to close on or about April 20, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Sincerely yours, Ben Wilson Mozilla Root Program Manager -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYrqpJTP1Ojfe_36b9boKQV_10E_%3DocewtPD4WEO-JrAA%40mail.gmail.com.
