On Fri, Feb 22, 2019 at 03:45:39PM -0800, cooperq--- via dev-security-policy wrote: > On Friday, February 22, 2019 at 2:37:20 PM UTC-8, Jonathan Rudenberg wrote: > > With regards to the broader question, I believe that DarkMatter's alleged > > involvement with hacking campaigns is incompatible with operating a > > trustworthy CA. This combined with the existing record of apparent > > incompetence by DarkMatter (compare the inclusion bugs for other recently > > approved CAs for contrast), makes me believe that the approval request > > should be denied and the existing intermediates revoked via OneCRL. I don't > > see how approving them, or the continued trust in their intermediates, > > would be in the interests of Mozilla's users or compatible with the Mozilla > > Manifesto. > > > > Jonathan > > > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c29 > > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c32 > > I wrote a post about this issue this morning for EFF: > https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else > > Given DarkMatter's business interest in intercepting TLS communications > adding them to the trusted root list seems like a very bad idea. (I would go > so far as revoking their intermediate certificate as well, based on these > revelations.)
I would also like to have a comment from the current root owner (digicert?) on what they plan to do with it. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy