On 2/23/19 11:07 AM, Scott Rea via dev-security-policy wrote: > G’day Wayne et al, > > In response to your post overnight (included below), I want to assure you > that DarkMatter’s work is solely focused on defensive cyber security, secure > communications and digital transformation. We have never, nor will we ever, > operate or manage non-defensive cyber activities against any nationality. > > Furthermore, in the spirit of transparency, we have published all our public > trust TLS certificates to appropriate CT log facilities (including even all > our OV certificates) before this was even a requirement. We have been > entirely transparent in our operations and with our clients as we consider > this a vital component of establishing and maintaining trust. > > We have used FIPS certified HSMs as our source of randomness in creating our > Authority certificates, so we have opened an investigation based on Corey > Bonnell’s earlier post regarding serial numbers and will produce a > corresponding bug report on the findings. > > I trust this answers your concerns and we can continue the Root inclusion > onboarding process.
For clarity, are you rejecting all of the following articles and blog posts as false and fabricated? 1. https://www.reuters.com/investigates/special-report/usa-spying-raven/ 2. https://theintercept.com/2016/10/24/darkmatter-united-arab-emirates-spies-for-hire/ 3. https://www.evilsocket.net/2016/07/27/How-The-United-Arab-Emirates-Intelligence-Tried-to-Hire-me-to-Spy-on-its-People/ I don't mean to be cynical, but a personal assurance vs. the amounting evidence and sources spanning over years, isn't a very convincing argument. Best, C. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy