All, On March 29, 2022, we began a three-week public discussion[1] on the request from e-Tuğra for inclusion of its two root certificates, the E-Tugra Global Root CA RSA v3 and the E-Tugra Global Root CA ECC v3. (Step 4 of the Mozilla Root Store CA Application Process[2]).
*Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:* We did not receive any objections or other questions or comments in opposition to e-Tuğra’s request. I do not believe there are any action items for e-Tuğra to complete. *Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: * This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve e-Tuğra’s request (Step 10). This begins a 7-day “last call” period for any final objections. Thanks, Ben [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/ylNHGT1arUE/m/GKcyixI8FAAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Tue, Mar 29, 2022 at 4:41 PM Ben Wilson <[email protected]> wrote: > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclusion process ( > https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps > 4 through 9) for e-Tuğra’s inclusion request (Bug # 1628720 > <https://bugzilla.mozilla.org/show_bug.cgi?id=1628720>, CCADB Case # 576 > <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000576>) > for the following two (2) root CA certificates: > > *E-Tugra Global Root CA RSA v3* > > > https://crt.sh/?sha256=EF66B0B10A3CDB9F2E3648C76BD2AF18EAD2BFE6F117655E28C4060DA1A3F4C2 > > http://rep.e-tugra.com/crt/etugra_v3gr_root.crt > > *E-Tugra Global Root CA ECC v3* > > > https://crt.sh/?sha256=873F4685FA7F563625252E6D36BCD7F16FC24951F264E47E1B954F4908CDCA13 > > http://rep.e-tugra.com/crt/etugra_v3ge_root.crt > > > Mozilla is considering approving e-Tuğra’s request to add these roots as > trust anchors with the websites trust bit and to EV-enable them. > > > *Repository:* The e-Tuğra document repository is located here: > > https://e-tugra.com.tr/en/certificate-policy-and-practice-statement/ > > *Relevant Policy and Practices Documentation: * > > Certificate Policy, v. 6.2, dated March 16, 2022 > > https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CP_v6_2.pdf > > Certification Practices Statement, v. 6.2, dated March 16, 2022 > > https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CPS_v6_2.pdf > > > > *Self-Assessments and Mozilla CPS Reviews* are located as attachments in Bug > # 1628720 <https://bugzilla.mozilla.org/show_bug.cgi?id=1628720>. > > > > *Audits:* Annual audits have been performed by LSTI under the ETSI audit > scheme. The most recent audit was completed for the period ending July > 24, 2021. > > See > https://www.lsti-certification.fr/wp-content/uploads/2021/10/E-TUGRA-%E2%80%93-1646-220-AL-V1.1_S.pdf > > *Incidents* > > e-Tuğra has no open incidents in Bugzilla. In the past 12 months, there > were two (2) incidents involving e-Tuğra, which are now closed: > > 1716843 <https://bugzilla.mozilla.org/show_bug.cgi?id=1716843> - CA > Certificate Missing from Audit Reports (CA revoked January 2022) > > 1716902 <https://bugzilla.mozilla.org/show_bug.cgi?id=1716902> - e-Tuğra > CPS stated it used an outdated domain validation method based on BR section > 3.2.2.4.6 > > > I have no further questions or concerns about e-Tuğra’s inclusion request; > however, I urge anyone with concerns or questions to raise them on this > list by replying directly in this discussion thread. Likewise, a > representative of e-Tuğra must promptly respond directly in the discussion > thread to all questions that are posted. > > This email begins the 3-week comment period, which I’m scheduling to close > on or about April 20, 2022, after which, if no concerns are raised, we will > close the discussion and the request may proceed to the approval phase > (Step 10). > > Sincerely yours, > > Ben Wilson > > Mozilla Root Program Manager > > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYB7tKUEfxTzn_dLXCoeYu_f_2bm%2B9y3Fj1OMojWcpW-A%40mail.gmail.com.
