What you have there is TURKTRUST confessing to being utterly incompetent. It doesn't even matter whether that's cover for tacit involvement in a crime, it should be enough for a reasonable person to conclude that nobody involved in TURKTRUST can be permitted to run a CA.
And yet I will be totally unsurprised when, after the fuss has died down, all the major browser vendors continue to allow TURKTRUST to act as a CA, perhaps after a few insincere apology letters and unverifiable promises to improve.
So there's no force for change. When you get caught just handwave for a bit, wait until it blows over and then back to business. End users are powerless (does your grandmother know which sites she visits are using TURKTRUST certificates? do you?) and the browser vendors feel obliged to authorise the widest possible spectrum of CAs because of the Dancing Pigs problem.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds