[Servercert-wg] TURKTRUST Membership Challenge

Chema Lopez clopez at firmaprofesional.com
Mon Mar 2 00:00:00 MST 2020 

I agree with and I also wonder what it a Browser vendor acts unilaterally
against CA/Browser Forum decision. Let's put a random example: CABF decides
ina ballot (let's say ballot 22) that the validity period of
certificates remains the same, 27 months, and a Browser Forum, decides not
to follow this decision and unilaterally, only accept 13 month SSL
certificates.

Of course, this Browser vendor is a private organization and can do
whatever they want, but do they still have to be part of the CABF? Do they
still have the right to vote?

I'm interested in hearing the thoughts of you all.

Thanks.



*Chema López*

Director Área Innovación, Cumplimiento y Tecnología

+34 666 429 224






*Barcelona  *Av. Torre Blanca 57, Edif. Esadecreapolis, Local 3B6 - 08173
Sant Cugat del Vallès | +34 934 774 245

*Madrid  *C/ Velázquez 59, 1º Ctro-Izda. - 28001 Madrid | +34 915 762 181


www.firmaprofesional.com



*El contenido de este correo electrónico y de sus anexos es confidencial.
Si usted recibe este mensaje por error, debe saber que está prohibido hacer
uso, divulgación y/o copia del mismo. En tal caso le agradeceríamos que
advierta de inmediato a su remitente y que proceda a destruir el mensaje.*



*Le informamos que, cumpliendo la normativa en materia de protección de
datos, FIRMAPROFESIONAL tratará sus datos con la finalidad de garantizar
las relaciones con la empresa, entidad u organización a la que usted
representa o en la que trabaja y por el período que dure dicha
relación. Podrá ejercer sus derechos de acceso, rectificación, supresión,
limitación, portabilidad y oposición al tratamiento ante el Responsable:
FIRMAPROFESIONAL, S.A., Av. Torre Blanca, 57, local 3B6 (Edificio
Esadecreapolis), 08173 Sant Cugat del Vallès (Barcelona), o bien mediante
correo electrónico a: rgpd at firmaprofesional.com
<rgpd at firmaprofesional.com>, en cualquier caso adjuntando una copia de su
D.N.I. o documento equivalente. Asimismo, podrá formular reclamaciones ante
la Agencia Española de Protección de Datos. Para más información puede
consultar nuestra política de privacidad
<https://www.firmaprofesional.com/esp/aviso-legal>.*


On Fri, 28 Feb 2020 at 02:02, Wayne Thayer via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> TURKTRUST is a Certificate Issuer Forum Member that has voted on recent
> SCWG ballots. However, TURKTRUST's TLS certificates are no longer treated
> as valid by most browsers, leading me to suspect that TURKTRUST may no
> longer be eligible to participate as a voting member of the SCWG or Forum.
> In private correspondence with a TURKTRUST representative, I have not been
> able to obtain evidence that TURKTRUST remains eligible for membership.
> Therefore, I am sending this email in accordance with the SCWG charter,
> which states:
>
> A Certificate or Root Certificate Issuer Member’s membership may be
>> suspended if any of the following become true:
>>
>>    -
>>
>>    it fails to perform and disclose its membership-qualifying audit and
>>    fifteen (15) months have elapsed since the end of the audit period of its
>>    last successful membership-qualifying audit; or
>>    -
>>
>>    its membership-qualifying audit is revoked, rescinded or withdrawn; or
>>    -
>>
>>    fifteen (15) months have elapsed since the end of the audit period of
>>    its last membership-qualifying audit; or
>>    -
>>
>>    it is no longer the case that its currently-issued certificates are
>>    treated as valid by at least one (1) Certificate Consumer Member of the
>>    Server Certificate Working Group.
>>
>> Any Member who believes any of the above circumstances is true of any
>> other Member, that Member may report it on the SCWG Public Mail List. The
>> Chair will then investigate, including asking the reported Member for an
>> explanation or appropriate documentation. If evidence of continued
>> qualification for membership is not forthcoming from the reported Member
>> within five (5) working days, the Chair will announce that such Member is
>> suspended, such announcement to include the clause(s) from the above list
>> under which the suspension has been made.
>>
>
> Dimitris, I suspect that TURKTRUST no longer meets the last requirement
> above. in your role as SCWG Chair, please investigate.
>
> Thanks,
>
> Wayne
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200302/6796ceee/attachment.html>

More information about the Servercert-wg mailing list