On Friday, February 22, 2019 at 2:37:20 PM UTC-8, Jonathan Rudenberg wrote:
> With regards to the broader question, I believe that DarkMatter's alleged
> involvement with hacking campaigns is incompatible with operating a
> trustworthy CA. This combined with the existing record of apparent
> incompetence by DarkMatter (compare the inclusion bugs for other recently
> approved CAs for contrast), makes me believe that the approval request should
> be denied and the existing intermediates revoked via OneCRL. I don't see how
> approving them, or the continued trust in their intermediates, would be in
> the interests of Mozilla's users or compatible with the Mozilla Manifesto.
>
> Jonathan
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c29
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c32

I wrote a post about this issue this morning for EFF:
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else

Given DarkMatter's business interest in intercepting TLS communications, adding them to the trusted root list seems like a very bad idea. (I would go so far as revoking their intermediate certificate as well, based on these revelations.)

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy