Public Discussion of e-Tuğra's Inclusion Request

287 views
Skip to first unread message

Ben Wilson

unread,
Mar 29, 2022, 6:41:18 PM3/29/22
to dev-secur...@mozilla.org

All,

This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process (https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for e-Tuğra’s inclusion request  (Bug # 1628720, CCADB Case # 576) for the following two (2) root CA certificates:

E-Tugra Global Root CA RSA v3

https://crt.sh/?sha256=EF66B0B10A3CDB9F2E3648C76BD2AF18EAD2BFE6F117655E28C4060DA1A3F4C2

http://rep.e-tugra.com/crt/etugra_v3gr_root.crt

E-Tugra Global Root CA ECC v3

https://crt.sh/?sha256=873F4685FA7F563625252E6D36BCD7F16FC24951F264E47E1B954F4908CDCA13

http://rep.e-tugra.com/crt/etugra_v3ge_root.crt


Mozilla is considering approving e-Tuğra’s request to add these roots as trust anchors with the websites trust bit and to EV-enable them.


Repository: The e-Tuğra document repository is located here:

https://e-tugra.com.tr/en/certificate-policy-and-practice-statement/

Relevant Policy and Practices Documentation:

Certificate Policy, v. 6.2, dated March 16, 2022

https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CP_v6_2.pdf

Certification Practices Statement, v. 6.2, dated March 16, 2022

https://e-tugra.com.tr/wp-content/uploads/2022/03/E-Tugra_CPS_v6_2.pdf

 

Self-Assessments and Mozilla CPS Reviews are located as attachments in Bug # 1628720.

 

Audits:  Annual audits have been performed by LSTI under the ETSI audit scheme.  The most recent audit was completed for the period ending July 24, 2021. 

See https://www.lsti-certification.fr/wp-content/uploads/2021/10/E-TUGRA-%E2%80%93-1646-220-AL-V1.1_S.pdf

Incidents

e-Tuğra has no open incidents in Bugzilla. In the past 12 months, there were two (2) incidents involving e-Tuğra, which are now closed:

1716843 - CA Certificate Missing from Audit Reports (CA revoked January 2022)

1716902 - e-Tuğra CPS stated it used an outdated domain validation method based on BR section 3.2.2.4.6


I have no further questions or concerns about e-Tuğra’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of e-Tuğra must promptly respond directly in the discussion thread to all questions that are posted.

This email begins the 3-week comment period, which I’m scheduling to close on or about April 20, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10).

Sincerely yours,

Ben Wilson

Mozilla Root Program Manager

 

Ben Wilson

unread,
Apr 25, 2022, 2:25:09 PM4/25/22
to dev-secur...@mozilla.org

All,

On March 29, 2022, we began a three-week public discussion[1] on the request from e-Tuğra for inclusion of its two root certificates, the E-Tugra Global Root CA RSA v3 and the E-Tugra Global Root CA ECC v3. (Step 4 of the Mozilla Root Store CA Application Process[2]). 

Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:  

We did not receive any objections or other questions or comments in opposition to e-Tuğra’s request. I do not believe there are any action items for e-Tuğra to complete.

Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: 

This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve e-Tuğra’s request (Step 10). 

This begins a 7-day “last call” period for any final objections.

Thanks,

Ben

[1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/ylNHGT1arUE/m/GKcyixI8FAAJ

[2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview

Reply all
Reply to author
Forward
0 new messages