[cabfpub] FW: About the CA recognition processes of root store owners

Ben Wilson ben at digicert.com
Fri May 9 17:04:33 UTC 2014

Below is a message to the CA/Browser Forum from Turktrust and a response
from me and Dean below.


From: management-bounces at cabforum.org
[mailto:management-bounces at cabforum.org] On Behalf Of N. ATILLA BILER
Sent: Tuesday, May 06, 2014 9:35 AM
To: CAB Forum Man
Subject: [cabfman] About the CA recognition processes of root store owners


Dear All,


As you already know, we have been discussing CA root recognition processes
for a while within the Forum. Even though
https://cabforum.org/browser-os-info/ web site presents links to information
about Browser/OS program requirements, we believe we should pay more
attention to this topic in our Forum discussions. 


As with other cases, root recognition is one of the processes that sets base
criteria for the CAs globally to be able to act and compete in the SSL
business. Surely, a CA should comply with these requirements as they do with
the ETSI and WebTrust requirements along with the CA/Browser Forum
Guidelines to demonstrate that they are providing SSL services with a
certain level of quality and security that will help to preserve the
reliability of the whole SSL ecosystem in the world. 


Affecting the SSL businesses of CAs directly, we expect the recognition
programs of the root store owners to be "clear", "followable", "objective"
and as important as these "transparent". These programs have points of
contacts, yet it is not always easy to have an active communication with
them. The problems in finding the right points of contact in addition to the
delays experienced throughout the communication makes this process the major
bottleneck for the CAs in introducing their new root hierarchies. 


If a CAs root is qualified with respect to the root recognition criteria of
a root store owner, then we believe it should be recognized as soon as
possible, with the earliest update and via an explicitly announced timeline.
Or else, the CA should be informed about the shortcomings timely, allowing
them to complete the requirements and continue the process with the root
store owner. This should, of course, be managed equally, fairly and
transparently, as the consequences directly affect the global SSL


We felt the necessity to share this subject with the Forum upon our long
time experiences with root store owners for years, especially after having
substantial difficulties with Google, Apple and Oracle. This is a top
priority issue for TURKTRUST having utmost importance in the managerial and
board level. Being an honored and equal member of the CA/Browser Forum as
all the other CAs, TURKTRUST top management is determined to take every
business and legal action required to achieve a just and fair recognition in
this respect. 


To put it in a nutshell, we invite all the CAs and Browsers within the
CA/Browser Forum to contribute more into this issue and help create a more
objective, equal and  transparent platform for all CAs allowing a fair
competition throughout the global SSL market.


Best regards,



N. Atilla BILER

Business Development Manager




- - - - - - - - - - - - - - - - -  



Thank you for your posting to the CAB Forum. As chair and co-chairs of the
Forum, we do not take a position on this topic, especially since this
appears to be a private matter between 2 parties. However, for the good of
the Forum, we encourage all members to work together toward a fair and
equitable resolution.  You have posted your side of the issue and it would
be useful to all members for other involved parties to weigh in as
appropriate. While the Forum cannot compel any party to respond, comment, or
act in any particular way, we would hope that the open dialogue in the Forum
continues as it has with a sense mutual respect, civility, and
professionalism, which have all made this group the success it is today.


Ben Wilson and Dean Coclin

CABF Chair and Vice Chair


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140509/27b7d6b9/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5453 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140509/27b7d6b9/attachment.p7s>

More information about the Public mailing list