Dear All,

Once again thank you very much for your ideas, efforts and support for
our case. We are quite delighted with the overall performance of this
group and decided to follow up other topics in the group as well to
increase our knowledge and experience on the target subjects to add
value on our services.

Our English website (beta version) is ready and has been uploaded
under the domain. http://www.turktrust.com.tr/e/ is the current URL and it
can be reached from http://www.turktrust.com.tr by pressing "English"
button in the upper menu. You can analyze it in parallel but let me
remark some crucial points there regarding the fuzzy concepts.

"http://www.turktrust.com.tr/e/en51.jsp" gives the current trust
hierarchies, roots and subroots. I have mentioned why we have two
roots (former is not currently used) in the Bugzilla discussion page.
As you can notice, "Trial certificates" have a different trust
hierarchy, different root and no subroot(s). You can investigate the
details from the root of trial certificates. Besides, some other CAs
(some of them exist in the IMO trusted CA store) issue the same kind of
certificates in the name of [trial/free/demo] certificates. The key
point here is that there is no living connection between them and the
target roots that we want to be recognized by IMO. They are not
subject to any law including Turkish Digital Signature Law. They are
free, dummy, intuitive and "trial" certificates just for promotion
and advertisement.

All the related material on trial certificates is explained in detail
in the CPS (v3) [which can be reached directly from
http://www.turktrust.com.tr/e/pdf/cps_third.pdf]. As an employee of a
company working on PKI, I personally disagree on modifying the CP and
CPS to dispel the doubts on trial certificates as long as it is
obligatory. We have skimmed similar CPs and CPSs of some elite CAs
around the world and even some of them have not mentioned trial
certificates in detail. Moreover, I feel really comfortable as long
as trial certificates are issued from a completely isolated hierarchy
as a security officer.

I understand the doubts on Latin character sets but it is a global
problem, of course. Since we definitely agree on standards defined
by ASN.1 structures, PKCSs and related RFCs, UTF8 character set does
not cause any trouble in common applications. Unfortunately, we have
over 10.000 customers in Turkey and approximately 80% of their names
include a non-Latin character. The solution provided to this situation
should be backward compatible, should not aggrieve CAs like us who
have non-Latin national alphabet and definitely will not affect our
acceptance to IMO store.

Please remark the URLs as well:
http://www.turktrust.com.tr/e/en52.jsp (Official document declared by
TTA) shows that the security specialists of TTA authorize us which
proves that there is no security leakage in our hierarchies, root and
subroots.

Best regards,

Mert ÖZARAR
TÜRKTRUST Representative
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
