On Sat, Feb 23, 2019 at 06:51:11AM -0800, alex.gaynor--- via dev-security-policy wrote:
> (Writing in my personal capacity)

I'm writing in my personal capacity, as much as possible, as well (I am a Tor/Tor Browser developer).

> One of the things that I think is important is to tease out factual
> predicates that could be grounds for exclusion. [...]
>
> First, is honesty. Even as we build technologies such as CT and audit regimes
> which improve auditability and accountability, CAs are ultimately in the
> business of trust. https://twitter.com/josephfcox/status/1090592247379361792
> makes the argument that DarkMatter has been in the business of lying to
> journalists. Lying is fundamentally incompatible with trust.

A phrase I've seen used repeatedly with regard to CAs is that they must operate "beyond reproach"; Ryan Sleevi has used this phrase more times than I can remember since I began following this mailing list (and CA/B discussions, in general). Certificate Authorities are placed in a unique position of trust on the Internet, and this trust must not be given easily. I appreciate this community's attempts at holding the CAs accountable for their errors, thank you.

Cooper described the process of Root Certificate Inclusion as technical and bureaucratic. If a CA reaches BR compliance, then it shows some technical competence, but is that enough? This achievement presents no evidence of trustworthiness. That (trustworthiness) comes from one's reputation. As Alex, and others, mentioned, DarkMatter have a bad reputation when it comes to honesty and they are not a trusted organization.

In addition, DarkMatter assert all of their public trust EV and OV TLS certificates are included in Certificate Transparency logs. Again this is a necessary step in achieving a reputation of being trustable, but by no means is it sufficient (DV certificates should be logged, as well, at a minimum). Regardless, Certificate Transparency only helps post-compromise; it does not protect the user who was affected. We should not sacrifice one user for the greater good.

Similarly, DigiCert "[...] do not revoke certificates based purely on allegations of wrongdoing". This is understandable from a business and legal perspective, but not from the perspective of maintaining trust and protecting end-users from possible harm. Any direct evidence of intentional misissuance will be too late. The risk of misuse cannot be ignored even if we believe these root certificates are currently only used within their National PKI as a "national authentication and digital signing platform".

There is a significant conflict of interest within DarkMatter. Based on the mounting evidence detailing their secret, offensive exploitation department (read: defensive cyber security), their operation as a CA is absolutely reproachable and this sets an awful precedent. This holds true for their current intermediate, as well. Jeopardizing the security, safety, and privacy of Internet users because we don't have any publicly-known, direct evidence of DarkMatter misusing their intermediate CA doesn't help me sleep at night. They are not a trusted entity, and they should not be treated as if they are trusted. Period. Mozilla should use their discretion and protect their users.

Thanks,
Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy