CA/Browser Forum

Turktrust Statement on Root CA Recognition Process

As a member of the CA/Browser Forum, we want to share our experiences with trying to overcome hurdles with trust anchor programs during recognition processes. This is not a complaint; we just want to discuss it and are open to any kind of advice.

Oracle is not a member of the Forum, yet we want to mention that we have spent a lot of effort to complete the application form. The only answer was that we had been rejected, without any reason being given. They said to please apply 6 months later. We have asked for the reasons for the rejection and what kind of improvements we should make to be successful. Simply, there was no response.

About Google, you probably all know, but let me remind you once more that the roots from which you can give EV certs should be hardcoded into Chromium. Additionally, Android, as an OS, is a separate project where you should apply for this recognition process. For more than two years, our root has been neither EV-enabled nor recognized by Android.

The initial phase of our EV enablement had been planned for January 2013, and due to the case we experienced last year the process was delayed substantially, by even more than a year. Again, you know that we strongly showed our professionalism in our reaction to the situation and took every single action we could take and had to take in the period after that case happened.

Now that we have documented our process and taken additional special audits as well as our periodic follow-up audits for ETSI TS 102 042 certification, including all the provisions of the CAB Forum BRs and EV Guidelines, we feel and truly believe that we should be on the line for any root inclusion and EV enablement process in terms of browsers’ root programs.

We have been in close contact with Google since last year about our EV enablement and root update for Android and we are trying to get a definite roadmap. We have already announced a few delays to our customers in our SSL market and need to inform them professionally and with certainty as soon as possible.

Google has said that we are approved in Android, yet it is said to take place in one of their future releases. No time period for the release has been given. The customers are asking for it. How can you tell them we were done, but we do not know when you can start seeing the green EV indications!?

In summary, we want such processes to be transparent and open. There should be a followable roadmap and some objective criteria. More than a year is a huge amount of time.

If there are any other criteria for selection or recognition, let us know. The recognition process should not be a bottleneck for this ecosystem. Hence, at this point, we would like to emphasize once more that we are ready to take any additional actions to speed up the processes considering root inclusion.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).