1448506 - Remove TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 root cert

Status: RESOLVED FIXED

(NSS :: CA Certificates Code, task)

Description

[Kathleen Wilson]

Please remove the following root certificate from NSS.

Common Name: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
SHA-1 Fingerprint: C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB
SHA-256 Fingerprint: 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78

* This root is *not* enabled for EV treatment

Reason for removal: No current audit statements

Per Bug #1439127: "we have made a strategic decision ... suspending all SSL business supporting activities that incur direct costs for TURKTRUST, including suspending the ETSI and BR audits or OV and EV SSL related insurance policies."

Comment 1

[Atilla Biler]

For completeness, we are adding the reasons below that lead the TURKTRUST H5 root to be removed from NSS, as also stated under Bug 1439127:

"
We had been passing through a strategic reorganization about the future SSL business activities of TURKTRUST lately. As it is very well known by all SSL stakeholders including CA/Browser Forum members, our new roots had been accepted by all browser root stores except Apple Root Certificate Program. After our previous roots had completed their lifetime, we hadn’t been able to maintain recognition of our SSL certificates throughout Apple devices including the ones using iOS and macOS systems. Hence, we had temporarily suspended our SSL activities during late 2016. An announcement about this suspension was made to the CA/Browser Forum members and management at that date. We used formal communication channels to reach the related Apple Turkey and Apple US representatives, but found a real difficulty in reaching the right persons or getting a feedback from Apple Root Certificate Program in anyway. Nevertheless, we haven’t got any improvements about the solution of this case on the Apple side since then. 

Hence, we have made a strategic decision as of 2018 recently. This is the main reason for our delayed response to Mozilla inquiries.
 
The strategic decision mentioned above is actually suspending all SSL business supporting activities that incur direct costs for TURKTRUST, including suspending the ETSI and BR audits or OV and EV SSL related insurance policies. We have also ceased our investment and studies on CT and CAA requirements for the time being that are actually mandatory criteria set by the CA/Browser Forum. This situation will continue until we achieve positive improvements on the Apple side. 
 
In the meantime, we will continue our CA business and activities apart from SSL, namely for secure electronic signature and qualified electronic certificate services compliant to Turkish and EU legislation. This means we will be under continuous audits of our government regulatory and assessment body ICTA (Information and Communication Technologies Authority of Turkey) concerning our CA services except SSL. We will also maintain the mandatory insurance necessary for our qualified electronic certificate services according to our own legislation.
"