Hi All, Kamu SM was established to meet the electronic certificate needs of all public institutions and organizations with the legislation published in Turkey. For this reason, in the process of adding our root certificate to trusted root stores, it was foreseen that it would be appropriate to issue SSL certificates only to public institutions, taking into account our customer profile. However, as a result of a regulation that came into force in our country in the past months, we have become able to issue electronic certificates to the private sector in some areas. Therefore, our customer profile and their needs are changing.
It should be noted that we had been auditing by Internal Government Auditing Agency with encompasses all requirements of ETSI audits before 2018. And then, as Ben stated, Kamu SM has been audited within the scope of ETSI EN 319 411-1 by an international qualified auditor since 2018. In addition, to the best of our knowledge, there is no specific restriction for government CAs in the Mozilla Root Store Policy or CA/Browser Baseline Requirements. Considering that we provide the necessary conditions, in order to meet our customers need, we also want to provide our SSL certificate product to all demanding institutions in Turkey instead of limiting it to only public institutions. PS: Apologies if you receive this reply twice, I tried posting it before and I think it failed. M. Melis ŞİMŞEK Kamu Sertifikasyon Merkezi (KAMU SM) 3 Kasım 2022 Perşembe tarihinde saat 02:37:06 UTC+3 itibarıyla [email protected] şunları yazdı: > Hi Matt, > Here is a comment that says they offered to constrain it - > https://bugzilla.mozilla.org/show_bug.cgi?id=1262809#c33 > The public discussion thread also indicates the same - > https://groups.google.com/g/mozilla.dev.security.policy/c/vjXyml8Hy-E/m/5JUs8e3YDAAJ > . > Ben > > > > On Wed, Nov 2, 2022 at 5:26 PM Matt Palmer <[email protected]> wrote: > >> On Wed, Nov 02, 2022 at 09:16:37AM -0600, Ben Wilson wrote: >> > We have received a request from Kamu Sertifikasyon Merkezi (KamuSM) ( >> > https://kamusm.bilgem.tubitak.gov.tr/) to expand its TLD restriction >> in NSS >> > to the .tr ccTLD level to meet the needs of its customers in Turkey. >> (Its >> > root is TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 >> > < >> https://crt.sh/?sha256=46EDC3689046D53A453FB3104AB80DCAEC658B2660EA1629DD7E867990648716 >> >.) >> > Currently, it is restricted at the subdomain level in NSS code to >> certain >> > subdomains under the .tr ccTLD (gov.tr, k12.tr, pol.tr, mil.tr, tsk.tr, >> > kep.tr, bel.tr, edu.tr and org.tr.). However, KamuSM currently receives >> > many certificate requests for other domain names ending with “.tr”, and >> it >> > is unable to provide TLS server certificates to those customers. >> >> Does anyone have an easily-to-hand pointer to the reasoning for the >> original >> name constraint being applied? (Lazyweb ftw!) >> >> - Matt >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/Y2L8kd1X8NjQJUS7%40hezmatt.org >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/978e7316-cf51-48ea-94a3-ebf2f6a1e8ean%40mozilla.org.
