Dear Ryan,

A fair and transparent public discussion requires full disclosure of each participant's motivations and ultimate agenda. Whether in CABForum, or Mozilla-dev-security-policy, I represent the viewpoints of my employer DarkMatter and passionately believe in our unflagging efforts to provide the citizens, residents and visitors to the United Arab Emirates with the same internet security and privacy protections that are taken for granted in other parts of the world.

On Wednesday, March 6, 2019 7:51 PM, Ryan Sleevi wrote:
> (Writing in a personal capacity)

Until such time as we have been formally advised by your employer (Google), that you no longer represent their views in CABForum, or in this Mozilla-dev-security-policy forum, we will proceed on the basis that all of your statements are the official viewpoint of your employer (Google).

> I highlight this, because given the inherently global nature of the
> Internet, there is no technical need to work with local CAs, and,
> with a well-run root store, all CAs provide an equivalent level of
> protection and security, which rests in the domain authorization

We reject your paternalistic view that there is no technical need for a local United Arab Emirates CA. Our own research has determined that approximately 68% of the websites in the United Arab Emirates are not adequately protected for HTTPS traffic (double the global average). If those incumbent CA monopolies that you champion were doing such a great job globally - why such a stark difference?

We are of the view that CA monopolies are inherently bad for the internet in that they unfairly exploit market power. The result is a fundamental right to Internet security and privacy being deliberately priced out of reach for a significant population of the world.

We ask you, what can be more an anti-competitive monopoly than a "well run store" (read Google/Mozilla) that does not take into consideration that sovereign nations have the fundamental right to provide digital services to their own citizens, utilizing their own national root, without being held hostage by a provider situated in another nation? You should note that DarkMatter's request is also for the inclusion of UAE's national root.

> DarkMatter response to the serial number issue has demonstrated
> that DarkMatter did not do the expected due diligence to investigate
> and understand the issue.

Your statement as Google's representative is quite disingenuous and self-serving. As a new member of the CABForum, we were not privy to the discussions for Ballot 164, and have interpreted the Baseline Requirements as they were written. We have made the necessary incident report and corrections. [1]

We note that your own employer, Google, also discovered that it had the same entropy non-compliance with its serial numbers (as a result of the DarkMatter discussions highlighting it to them), and we presume that hundreds of thousands of certificates would be affected globally (in comparison to the less than 300 impacted DarkMatter certificates). [2] Clearly the risk to users is larger in the Google case.

Are you also going to accuse your employer (Google) of not having undertaken "the expected due diligence to investigate and understand the issue" that you demand from DarkMatter, and call for the same sanctions against Google that you wish to impose on DarkMatter?

Does the Mozilla Foundation stand by this double standard because Google is one of its significant donors, and its default search engine? Reports indicate that in 2014, 90% of Mozilla's royalties revenue was derived from its contract with Google. We understand that the relationship persists today. [3]

Transparency in a public discussion requires full disclosure and transparency from all - not just DarkMatter.

> You have highlighted that you believe such articles are misleading,
> but there are a number of unresponded questions to past replies
> that seek to better understand.

I am glad that you brought this up directly with me - and in this public discussion. Ryan, you have been one of the individuals who have been persistent in spreading this false narrative - as far back as February 2018 - during our initial submission to CABForum. We have duly noted and have been aware of your persistent attempts to interfere with our contractual relations.

Your employer should know that we have had to expend considerable effort to defend against your back-room politicking, and defamatory innuendos, about the nature of our business.

For the record, there are simply two (2) articles, which cite defamatory and categorically false sources, making utterly baseless allegations about DarkMatter's purpose and mission. These two narratives have been recycled repeatedly by journalists seeking a lurid and sensationalist myth-making angle on our purpose and mission. Repeating a lie ad nauseam does not make it true.

CA representatives (including the Mozilla representatives who have chosen to pre-judge DarkMatter using the same media sources) do a great disservice to the idea of "trust" - when they persist in a concerted effort to accelerate this false narrative about DarkMatter, a commercial CA business headquartered in the United Arab Emirates.

Read my statement carefully: there are no ambiguities or loopholes in our categorical denials of any false claim made about DarkMatter in these misleading articles. These claims are baseless and have nothing to do with DarkMatter.

It is very clear to us that your paternalistic dismissal of the need for regional or "local CAs" seems to indicate a hidden motivation: fewer CAs offering competitive services in the marketplace.

Our view is clear and unambiguous: when CAs, or Root Store operators, use their participation in these processes - in a manner that is intended to arbitrarily, and without any valid proof, restrict or impede the inclusion of DarkMatter certificates - they are colluding to create an economic environment that is contrary to anti-trust laws.

Benjamin Gabriel
General Counsel
Dark Matter Group