Re: Include Renewed Kamu SM root certificate

2017-03-16 Thread Kathleen Wilson via dev-security-policy
On Wednesday, March 15, 2017 at 9:56:25 AM UTC-7, Kathleen Wilson wrote: > Thanks to those of you who have reviewed and commented on this request from > the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), to include > the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root

Re: Include Renewed Kamu SM root certificate

2017-03-15 Thread Kathleen Wilson via dev-security-policy
Thanks to those of you who have reviewed and commented on this request from the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), to include the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root certificate, and enable the Websites trust bit. I believe that all of the questions

Re: Include Renewed Kamu SM root certificate

2017-03-14 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 14, 2017 at 5:10 PM, tugba onder via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Upon your request, we re-examined the current version of CAB BR (v.1.4.2) > with our CPS document that describes our way of doing business. We did this > work under these main

Re: Include Renewed Kamu SM root certificate

2017-03-14 Thread tugba onder via dev-security-policy
Hi Ryan, >My request was one of just taking a few days / a week to re-examine what >the current BRs are, using your knowledge of your policies and practices, >and make sure that all methods are consistent. For example, the 64-bits of >entropy, the aligned-with-3.2.2.4.6 method of domain

Re: Include Renewed Kamu SM root certificate

2017-03-09 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 9, 2017 at 12:26 PM, tugba onder via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Here, the part that needs to be taken care is "validate using at least one > of the methods listed". Although we mentioned it in our previous response, > I guess you missed it;

Re: Include Renewed Kamu SM root certificate

2017-03-09 Thread tugba onder via dev-security-policy
Hi Ryan, >Right, but the reason I highlighted this is that the audit noted >conformance to v1.4.1, but the process you described wasn't consistent with >v1.4.1. It's understandable that the auditable controls for 1.4.1 have not >been developed, so I'm not particularly surprised that this

Re: Include Renewed Kamu SM root certificate

2017-03-08 Thread Ryan Sleevi via dev-security-policy
On Wed, Mar 8, 2017 at 9:56 AM, tugba onder via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > 3.2.2.4.6: Applicant representative is requested to change a web page > hosted in certificate requested domain. That change is done by serving the > file which we sent for this

Re: Include Renewed Kamu SM root certificate

2017-03-08 Thread tugba onder via dev-security-policy
Hi Kathleen, Our updated CP/CPS documents in Turkish and in English are now in our web page. Here are the related links: http://depo.kamusm.gov.tr/ilke/KamuSM_CPS/KamuSM_CPS_En.pdf http://depo.kamusm.gov.tr/ilke/KamuSM_CPS/KamuSM_CPS_Tr.pdf ___

Re: Include Renewed Kamu SM root certificate

2017-03-08 Thread tugba onder via dev-security-policy
Hi Ryan, Firstly, thank you for spending time and reviewing our work. Our answer to the two points you have stated is the following. 1) Domain Validation Methods > This section states "WHOIS records pertinent to domain name specified in > the certificate application shall be verified via

Re: Include Renewed Kamu SM root certificate

2017-03-07 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 7, 2017 at 6:01 PM, Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > 1) Domain Validation Methods > For the CA, I recommend reviewing section 3.2.2.4 of version 1.4.1 of the > CA/Browser Forum’s Baseline Requirements, because many of the

Re: Include Renewed Kamu SM root certificate

2017-03-07 Thread Kathleen Wilson via dev-security-policy
Thank you Andrew and Ryan for your feedback on this request to include the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root certificate, and enable the Websites trust bit. Note that the new SHA-256 root certificate will replace the SHA1 “TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı -

Re: Include Renewed Kamu SM root certificate

2017-03-07 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 7, 2017 at 9:14 AM, tuubaonder--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > This section states "WHOIS records pertinent to domain name specified in > the certificate application shall be verified via 'www.nic.tr'". It would > be useful to have more

Re: Include Renewed Kamu SM root certificate

2017-03-07 Thread tuubaonder--- via dev-security-policy
Hi Andrew and Kathleen, Thanks Andrew for reviewing our CPS document. We have updated the CPS document by the direction of your indications. Also you can find our replies below: 1.2 Document Name and Identification Document version number is 3, but the front page and headers say version 1.

Re: Include Renewed Kamu SM root certificate

2017-03-03 Thread Andrew R. Whalley via dev-security-policy
Hello, I've read though the English language version of CP/CPS dated March 30, 2016 version 1 and made the following notes: No version history at the front of the document. This not required, but is evidence of good document change management and is a useful reference to see what's changed when

Include Renewed Kamu SM root certificate

2017-02-02 Thread Kathleen Wilson
This request from the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), is to include the “TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1” root certificate, and enable the Websites trust bit. This SHA-256 root certificate will eventually replace the SHA1 “TÜBİTAK UEKAE Kök Sertifika