NYT 12/23/2019 on the ToTok spying app and DarkMatter:
--
WASHINGTON — It is billed as an easy and secure way to chat by video or
text message with friends and family, even in a country that has
restricted popular messaging services like WhatsApp and Skype.
But the service, ToTok, is actu
Benjamin,
On behalf of Mozilla I'd like to acknowledge that your request has been
received and is under review.
- Wayne
On Tue, Jul 16, 2019 at 12:14 PM Benjamin Gabriel via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Message Body (6 of 6) APPEAL TO MOZILLA FOUNDATION
(I'm splitting the topic because at this point, continuing to discuss
the analogy doesn't have a direct bearing on the inclusion or otherwise
of DM)
Replies inline.
On 16/07/2019 23:23, Matthew Hardeman wrote:
I submit that I disagree somewhat with Gijs' suggestion that Mozilla acts
in the na
I would like to point out that in the recent appeal PDF posted on bugzilla
showed darkmatter.ae in the footer on page 2 and onwards. This further
makes me believe that there is not much separation of the entities.
- Cynthia
On Wed, 17 Jul 2019, 01:29 Ronald Crane via dev-security-policy, <
dev-se
I have to rebut the idea that revoking trust is an adequate -- let alone
an "essentially absolute" -- recourse for a CA's abuse of its authority.
The fact is that an abusive CA can cause unwanted (and potentially
harmful) code and data to be injected into -- and personal data to be
exfiltrated
In fairness, I think Mozilla essentially stipulated that this reason was
given little or no weight in the decision.
Specifically Wayne Thayer noted at [1]:
Some of this discussion has revolved around compliance issues, the most
prominent one being the serial number entropy violations discovered b
Hi Kathleen and community,
I understand that you've made a decision w/r/t the DarkMatter CA matters
and am not writing to challenge or attempt influence on those.
I'm responding here only in so far as that you were "intrigued" by my
comments analogizing Mozilla Root Trust store decisioning to the
I think it's interesting how one of the main technical arguments for
denying DarkMatter's root inclusion request -- the misissuance of
certificates with 63-bit identifiers instead of 64-bit identifiers, also
affected Google, Apple and Godaddy, and to a much greater extent:
https://www.thesslstore.
Message Body (6 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
1) Violation of Anti-Trust Laws:
The Module Owner’s discretionary decision, when taken into context with the
comments of other Mozilla Peers employed by other Browsers and/or competing
Certificate Authorities, are intended t
Message Body (5 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
1) Erroneous Legal Conclusions:
The Module Owner’s discretionary decision was guided by an erroneous legal
conclusion, when he determined that the legal ownership structure of the
Applicants was insufficient to allow them to
Message Body (4 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
1) Discriminatory Practices;
The Module Owner conducted his decision making process, and allowed the
distrust discussion to proceed, in a manner contrary to the Mozilla Foundation
commitment to an “Internet that includes all
Message Body (3 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
1) Abuse of Discretionary Power:
The Module Owner’s failure to consider relevant factors that should have been
given significant, or equal weight, and deliberate mischaracterizations of
facts intended to inflate the perceived
Message Body (2 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
2) Procedural Fairness/Bias:
The Module Owner’s decision making activities, and the supporting actions of
other Mozilla staff, were not procedurally fair, transparent, absent of bias,
nor made in good-faith.
a) The Applicant
Message Body (1 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS
Mozilla Foundation Board of Directors
Attention: Mitchell Baker, Executive Chairwoman
Mozilla Corporation
Attention: Chris Beard, CEO
Attention: Denelle Dixon-Thayer, General Counsel
July 16, 2019
Mozilla CA Certificate Polic
f Of Kathleen Wilson via dev-security-policy
Sent: Tuesday, July 16, 2019 8:20 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: DarkMatter Concerns
Caution: This email originated from outside DarkMatter. Do not click links or
open attachments unless you recognize the sender and believe
All,
Thanks again to all of you who have been providing thoughtful and
constructive input into this discussion. As I previously indicated [1],
this has been a difficult decision to make. I have been carefully
reading and contemplating the input that you all have been providing in
this forum.
On 11/07/2019 03:38, Matthew Hardeman wrote:
I used
the parallel to racism in finance because it's exceedingly well documented
that strong objective systems of risk management and decisioning led to
better overall financial outcomes AND significantly opened the door to
credit (aka trust) to other
As an ordinary user from.Russia, I am very glad that DarkMatter is rejected in
this thread. If for example there are complaints about some kind of plastic
surgeon, then it is better to refuse the operation than to immediately start
trying on yourself having believed his documents and risking to
On Wed, Jul 10, 2019 at 11:43 AM Scott Rea via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Mozilla’s new process, based on its own admission, is to ignore technical
> compliance and instead base its decisions on some yet to be disclosed
> subjective criterion which is app
Dear Ryan,
In outlining the two paths that I presented at the end of my previous
email, I made sure to illustrate the choice between them as one that comes
repeatedly -- a conscious choice that every time produces a small,
incremental improvement, often through a tiresome and onerous process.
Inde
Dear Ryan,
Thanks very much for this very insightful email. There really is a lot that
I and others don't know about how these decisions are made.
The silver lining here is that we agree on where some of the gaps are in
this process, and that Mozilla, Google and others are working on filling in
t
On Wed, Jul 10, 2019 at 3:17 PM Nadim Kobeissi
wrote:
> Many times in this discussion, we have all been offered a choice between
> two paths. The first path would be to examine difficult problems and
> shortcomings together and attempting to present incremental--often
> onerous--improvements. The
On Wed, Jul 10, 2019 at 2:15 PM Nadim Kobeissi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Indeed I would much rather focus on the rest of the elements in the Mozilla
> Root Store Policy (
>
> https://www.mozilla.org/en-US/about/governance/policies/security-group/cert
Dear Ryan,
Thank you very much for pointing out that in the examples listed by Fabio,
none of them actually control the private key. I did not know this and
assumed that the opposite would be the case for at least some of the
entities listed.
I am indeed a new participant and I have an infinitesi
I appreciate the ground work Fabio put into this thus far, and want to
see further discussion on it.
I think the safest way to quantity and frame the discussion is asking if
a CA (or subCA) has a vested interest in surveillance, other business
interest, or government ties which would put a CA to b
On Wed, Jul 10, 2019 at 1:07 PM Nadim Kobeissi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I would like to support the statements made by both Fabio and Scott to the
> extent that if Mozilla is to go forward with this decision, then I fully
> expect them to review the
On Wed, Jul 10, 2019 at 12:29 PM fabio.pietrosanti--- via
dev-security-policy wrote:
> Said that, given the approach that has been following with DarkMatter
> about "credible evidence" and "people safety" principles, i would strongly
> argue that Mozilla should take action against the subject pre
Hi Scott,
Below is my personal view on it, I acknowledge that it is highly subjective.
For one, people and companies in the UAE could get certs from non-UAE CAs.
I live in Sweden, yet I have certs from Norwegian, British, and American
CAs.
Another issue I have is that I think there is a differenc
I would like to support the statements made by both Fabio and Scott to the
extent that if Mozilla is to go forward with this decision, then I fully
expect them to review their existing CAs and to revoke onto OneCRL every
one of them that has some news report of blog post linking them to
nefarious a
G’day Folks,
DigitalTrust first learned of the Mozilla decision via Reuters. We believe this
is emblematic of Mozilla’s approach to our application which appears to have
been predetermined from the outset.
We believe yesterday’s decision is unfair and demonstrates an anti-UAE bias
where a 201
Dear Nex,
I doubt that anyone seriously believes that "reporters are lying out of their
teeth." It is far more likely that the reporters are working within the realm
of reason and covering things as they see them. So far all the actors in this
appear to be behaving in ways that make sense given
I understand the Nadim points, there's a lot of subjective biased "popular
judgement".
While from a security standpoint perspective "better safe than sorry" is a good
statement, from a rights and fairness perspective that's a very bad.
So further conversation is needed.
Following DarkMatter re
I understand the Nadim points, there's a lot of subjective biased "popular
judgement".
While from a security standpoint perspective "better safe than sorry" is a good
statement, from a rights and fairness perspective that's a very bad.
So further conversation is needed.
Following DarkMatter re
Even if we stipulated that all those accounts were fully accurate, all
those reports are about a separate business that happens to be owned by the
same owner.
Furthermore, in as far as none of those directly speak to their ability to
own or manage a publicly trusted CA, I would regard those issues
I think that dismissing as baseless investigations from 9 different
reporters, on 3 different newspapers (add one more, FP, if consider
this[1]) is misleading. Additionally, it is just false to say all the
articles only relied on anonymous sources (of which they have many, by
the way), but there ar
On Sun, Jun 23, 2019 at 11:52 AM Cynthia Revström via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> My view is a bit different, we have lots of CAs already, I think it is more
> important to be extra secure rather than to take unnecessary risks.
>
A position like this is n
On Tuesday, July 9, 2019 at 11:46:05 PM UTC+2, Matthew Hardeman wrote:
> ownership: Francisco Partners. It is difficult for me to see the
> difference, objectively speaking.
agree, but I think Francisco partners was ... rubbing the wrong way, too; and I
think that issue was let go way too easily
On Tue, Jul 9, 2019 at 4:34 PM mono.riot--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I think it's less about a single person than about an alleged firewalling
> of entities that end up being not firewalled at all, but all owned by the
> same person in the end.
>
T
On Tuesday, July 9, 2019 at 11:23:11 PM UTC+2, Matthew Hardeman wrote:
> Truly horrid organizations and/or individuals passively own all kinds of
> assets. A strong management team that can be trusted to keep commitments to
> sound the alarm if the organization goes off track is one way to addr
On Tuesday, July 9, 2019 at 10:31:27 AM UTC-5, Wayne Thayer wrote:
> DarkMatter has argued [3] that their CA business has always been operated
> independently and as a separate legal entity from their security business.
> Furthermore, DarkMatter states that once a rebranding effort is completed,
>
I wanted to supplement my previous email with an observation on how this
decision is already being covered by the same news outlet that are being
cited in the case against DarkMatter.
Reuters wrote this article:
https://www.reuters.com/article/us-usa-cyber-mozilla/mozilla-blocks-uae-bid-to-become-
The bug requesting that the existing subordinate CAs be added to OneCRL is
https://bugzilla.mozilla.org/show_bug.cgi?id=1564544
On Tue, Jul 9, 2019 at 8:31 AM Wayne Thayer wrote:
> I would like to thank everyone for their constructive input on this
> difficult issue. I would also like to thank D
Dear Wayne,
I fully respect Mozilla's mission and I fully believe that everyone here is
acting in good faith.
That said, I must, in my capacity as a private individual, decry what I
perceive as a dangerous shortsightedness and lack of intellectual rigor
underlying your decision. I do this as some
I would like to thank everyone for their constructive input on this
difficult issue. I would also like to thank DarkMatter representatives for
participating in the open, public discussion. I feel that the discussion
has now, after more than 4 months, run its course.
The question that I originally
My view is a bit different, we have lots of CAs already, I think it is more
important to be extra secure rather than to take unnecessary risks.
While I do understand that Dark Matter's focus is on the UAE, I also have
to say, as far as I am aware, there are multiple CAs that will issue certs
to peo
That article doesn’t seem to say anything new about Dark Matter that hasn’t
been reported before, doesn’t present evidence and doesn’t cite sources.
Furthermore the article appears to allege that Dark Matter “discussed”
potentially targeting The Intercept, not that it “tried to hack several of
This thread hasn't been updated in a while so I'm not sure what the status is
of dark matter being accepted but I thought this was a relevant update. The, US
based reporting agency The Intercept recently issued a report claiming that
Dark Matter has tried to hack several of their employees.
htt
Thank you for sharing this information Scott.
On Wed, May 15, 2019 at 2:49 AM Scott Rea wrote:
>
> Please advise if additional information relating to this change is
> required.
>
>
As pointed out in earlier discussions about DarkMatter's QuoVadis-signed
intermediates [1], and the policy 2.7 pro
G’day Folks,
As previously discussed on this thread, the DarkMatter Trust Services practice
(including DarkMatter CAs) has been operated in a separate entity to the DM
Group, that entity is Digital Trust – Sole Proprietorship L.L.C.
(“DigitalTrust”) which was established in the United Arab Em
Greetings,
I'm basing my opinion on EFF's article (RE:
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else).
I submit that EFF makes valid points and I agree with their assessment.
DarkMatter appears to be a threat actor and should no
> The New York Times article that you reference does not add anything new to
> the misleading allegations previously published in the Reuters article. It
> simply repeats ad-nauseum a false, and categorically denied, narrative about
> DarkMatter, under the guise of an investigative reporting
I'm not sure on the weighting of the two sides that you point out, but I do
broadly agree that it is about striking some balance between those two ends.
That said, if all outcomes are equally bad, I think I favor the bad outcome
that doesn't open the door to accusations of a discriminatory approac
What a strange situation.
On the one hand, denying DarkMatter's CA bid because of these press
articles would set the precedent of refusing to accept the engagement and
apparent good faith of a member of the industry, based only on hearsay and
with no evidence.
On the other hand, deciding to move
On Fri, Mar 22, 2019 at 9:19 AM Benjamin Gabriel via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> On 2/24/19 11:08 AM, Nex wrote:
>
> > The New York Times just published another investigative report that
> mentions
> > DarkMatter at length, with additional testimonies go
Benjamin Gabriel | General Counsel & SVP Legal
Tel: +971 2 417 1417 | Mob: +971 55 260 7410
benjamin.gabr...@darkmatter.ae
The information transmitted, including attachments, is intended only for the
person(s) or entity to which it is addressed and may contain confidential
and/or privileged m
Benjamin Gabriel | General Counsel & SVP Legal
Tel: +971 2 417 1417 | Mob: +971 55 260 7410
benjamin.gabr...@darkmatter.ae
The information transmitted, including attachments, is intended only for the
person(s) or entity to which it is addressed and may contain confidential
and/or privileged m
On 2/24/19 11:08 AM, Nex wrote:
> On 2/23/19 11:07 AM, Scott Rea via dev-security-policy wrote:
>> G’day Wayne et al,
>>
>> In response to your post overnight (included below), I want to assure you
>> that DarkMatter’s work is solely focused on defensive cyber security, secure
>> communications
G’day Folks,
It was a pleasure meeting many of the Mozilla community face to face at the CAB
Forum meeting at Apple HQ last week. There are many others of you however,
whose interface to the community is right here on this list, and so I wanted to
share my perspective and feedback here on the
My apologies to the list for having unintentionally posted two
rather different versions of the same post, one long, and one
short.
I had initially tried to post using the Google Groups web interface,
but there was, apparently, a dramatic lag time in that post actually
being relayed to the list
Wow!
I read this whole thread from top to bottom this afternoon/evening, and all I
got was a splitting headache and this lousy t-shirt: https://bit.ly/2UpZxIz
But seriously folks, just a couple of simple questions.
Firstly, is this a private discussion or may any member of the Great Unwashed
M
On Thursday, March 7, 2019 at 11:14:46 AM UTC-5, Matthew Hardeman wrote:
> On Thu, Mar 7, 2019 at 10:10 AM Ken Myers (personal capacity) via
> dev-security-policy wrote:
>
> > Is the issue that a Dark Matter business unit may influence the Dark
> > Matter Trust Services (a separate unit, but part
On Thursday, March 7, 2019 at 6:35:13 PM UTC-5, Matt Palmer wrote:
> On Thu, Mar 07, 2019 at 10:20:34AM -0600, Matthew Hardeman wrote:
> > Let's Encrypt does not quite provide certificates to everyone around the
> > world. They do prevent issuance to and revoke prior certificates for those
> > on
I've read what I believe to be all of the messages in this thread to
date, but it appears that I may have missed something.
The word "transparency" and/or derivatives thereof has come up several
times in this thread. Also, that same word, or derivatives thereof,
was/were included no fewer than
On Thursday, March 7, 2019 at 1:27:42 PM UTC-5, Kristian Fiskerstrand wrote:
> On 3/7/19 6:59 PM, Jaime Hablutzel via dev-security-policy wrote:
> > So the following holds true and (from my point of view) very critical
> > indeed. Quoting Benjamin Gabriel:
> >
> >> ...that sovereign nations have t
On Thursday, March 7, 2019 at 10:17:21 AM UTC-5, Ryan Sleevi wrote:
> On Thu, Mar 7, 2019 at 9:52 AM Jaime Hablutzel via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > I would just like to remind you all the universally accepted concept of
> > "Presumption of innocence
On Thu, Mar 07, 2019 at 05:30:24PM -0600, Matthew Hardeman wrote:
> On Thu, Mar 7, 2019 at 5:14 PM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > Whilst those are all good points, I don't see how any of them require the
> > CA
> > to control an unconstrain
On Thu, Mar 7, 2019 at 5:35 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> In the face of exterior political force, the people of the UAE couldn't get
> *globally trusted* certificates full-stop. Off the top of my head, all of
> the widely-adopted web P
On Thu, Mar 07, 2019 at 10:20:34AM -0600, Matthew Hardeman wrote:
> Let's Encrypt does not quite provide certificates to everyone around the
> world. They do prevent issuance to and revoke prior certificates for those
> on the United States various SDN (specially designated nationals) lists.
> For
On Thu, Mar 7, 2019 at 5:14 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Whilst those are all good points, I don't see how any of them require the
> CA
> to control an unconstrained intermediate CA certificate (or a root
> certificate). All of those t
On Thu, Mar 07, 2019 at 04:59:16PM +, Scott Rea via dev-security-policy
wrote:
> I am committed to a respectful dialogue, and I too (as others have already
> suggested here) would appreciate clear and definitive criteria in respect
> to what Mozilla requires to enable DM Trust Services to demo
On Thu, Mar 07, 2019 at 03:39:46AM -0800, nadim--- via dev-security-policy
wrote:
> I think we're all choosing to kid ourselves here if we continue to say
> that the underlying impetus for this discussion isn't primarily
> sociopolitical.
You're free to think whatever you like. You're *wrong*, b
On Thu, Mar 7, 2019 at 11:55 AM Wayne Thayer wrote:
This line of thinking seems to conflate a few different issues.
>
That is true. I apologize for that, but also feel that some of these
different issues and how they'd play out in relation with this current
matter and ultimately with the inclus
On Wed, Mar 06, 2019 at 08:56:47PM -0800, astronut--- via dev-security-policy
wrote:
> Setting aside the discussion about DarkMatter specifically, here are some
> ways in which having a CA in a new jurisdiction that isn't currently
> represented in the ecosystem can bring value:
>
> * Allow users
On Thu, Mar 7, 2019 at 11:33 AM Wayne Thayer wrote:
> Nadim and Matthew,
>
> Can you explain and provide examples for how this "set of empirical
> requirements" differs from the objective requirements that currently exist?
>
Hi, Wayne,
I think the matter of whether or not I could or should opin
On Thu, Mar 7, 2019 at 11:29 AM James Burton wrote:
> I'm talking about someone from a restricted country using a undocumented
> domain name to obtain a Let's Encrypt certificate and there is nothing that
> can be done about it. We can't predict the future.
>
So your assertion, then, is that whe
On 3/7/19 6:59 PM, Jaime Hablutzel via dev-security-policy wrote:
> So the following holds true and (from my point of view) very critical
> indeed. Quoting Benjamin Gabriel:
>
>> ...that sovereign nations have the fundamental right to provide
>> digital services to their own citizens, utilizing th
On Thursday, March 7, 2019 at 12:30:03 PM UTC-5, James Burton wrote:
> I'm talking about someone from a restricted country using a undocumented
> domain name to obtain a Let's Encrypt certificate and there is nothing that
> can be done about it.
Until they get caught and their certificates revoke
On Thursday, March 7, 2019 at 11:20:54 AM UTC-5, Matthew Hardeman wrote:
> On Thu, Mar 7, 2019 at 4:20 AM James Burton via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> >
> > There isn't any monopoly that prevents citizens and organizations in the
> > United Arab Emirat
On Thu, Mar 7, 2019 at 9:20 AM Matthew Hardeman via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> What the people of the UAE don't have today is the ability to acquire
> globally trusted certificates from a business in their own legal
> jurisdiction who would be able to p
Nadim and Matthew,
Can you explain and provide examples for how this "set of empirical
requirements" differs from the objective requirements that currently exist?
Nadim, your latest suggestion sounds different from your earlier suggestion
that Mozilla provide a "set of unambiguous statements for
I'm talking about someone from a restricted country using a undocumented
domain name to obtain a Let's Encrypt certificate and there is nothing that
can be done about it. We can't predict the future.
Thank you,
Burton
On Thu, Mar 7, 2019 at 5:23 PM Matthew Hardeman wrote:
>
> On Thu, Mar 7, 20
On Thu, Mar 7, 2019 at 11:11 AM James Burton wrote:
> Let's be realistic, anyone can obtain a domain validated certificate from
> Let's Encrypt and there is nothing really we can do to prevent this from
> happening. Methods exist.
>
I am continuing to engage in this tangent only in as far as it
Let's be realistic, anyone can obtain a domain validated certificate from
Let's Encrypt and there is nothing really we can do to prevent this from
happening. Methods exist.
Thank you,
Burton
On Thu, Mar 7, 2019 at 4:59 PM Matthew Hardeman wrote:
>
> On Thu, Mar 7, 2019 at 10:54 AM James Burton
On Thu, Mar 7, 2019 at 10:54 AM James Burton wrote:
> Let's Encrypt issues domain validation certificates and anyone with a
> suitable domain name (e.g. .com, .net, .org ) can get one of these
> certificates just by proving control over the domain by using the DNS or "
> /.well-known/pki-val
G’day Folks,
My apologies, I have been airborne without connectivity and it appears I have a
LOT of dialogue to catch up on.
At DarkMatter, we are passionate about what we do (as I know most folks
contributing here are also - just by very nature of the time and effort taken
to engage). The ope
I mean country location of the individual doesn't matter. They could be for
example be using a VPN to connect to Google Cloud instance and get a
certificate that way.
Thank you,
Burton
On Thu, Mar 7, 2019 at 4:53 PM James Burton wrote:
> Let's Encrypt issues domain validation certificates and
Let's Encrypt issues domain validation certificates and anyone with a
suitable domain name (e.g. .com, .net, .org ) can get one of these
certificates just by proving control over the domain by using the DNS or "
/.well-known/pki-validation" directory as stated in the CAB Forum baseline
require
On Thu, Mar 7, 2019 at 10:20 AM Matthew Hardeman
wrote:
>
> Let's Encrypt does not quite provide certificates to everyone around the
> world. They do prevent issuance to and revoke prior certificates for those
> on the United States various SDN (specially designated nationals) lists.
> For examp
On Thu, Mar 7, 2019 at 4:20 AM James Burton via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> There isn't any monopoly that prevents citizens and organizations in the
> United Arab Emirates to get certificates from CAs and they are not
> expensive. Let's Encrypt provides
On Thu, Mar 7, 2019 at 10:10 AM Ken Myers (personal capacity) via
dev-security-policy wrote:
> Is the issue that a Dark Matter business unit may influence the Dark
> Matter Trust Services (a separate unit, but part of the same company) to
> issue certificates for malicious purposes?
>
> or is it
On Thu, Mar 7, 2019 at 9:18 AM nadim--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I would like to repeat my call for establishing a set of empirical
> requirements that take into account the context of DarkMatter's current
> position in the industry as well as their
Is the issue that a Dark Matter business unit may influence the Dark Matter
Trust Services (a separate unit, but part of the same company) to issue
certificates for malicious purposes?
or is it a holistic corporate ethics issue (in regards to Mozilla community
safety) of a Mozilla-trusted serv
On Thu, Mar 7, 2019, 4:29 PM Ryan Sleevi wrote:
>
> On Thu, Mar 7, 2019 at 10:18 AM nadim--- via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> I think we're all choosing to kid ourselves here if we continue to say
>> that the underlying impetus for this discussion isn
On Thu, Mar 7, 2019 at 10:18 AM nadim--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I think we're all choosing to kid ourselves here if we continue to say
> that the underlying impetus for this discussion isn't primarily
> sociopolitical. The sooner an end is put to
On Thu, Mar 7, 2019 at 12:09 AM Benjamin Gabriel via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> A fair and transparent public discussion requires full disclosure of each
> participant's motivations and ultimate agenda. Whether in CABForum, or
> Mozilla-dev-security-poli
I would like to repeat my call for establishing a set of empirical requirements
that take into account the context of DarkMatter's current position in the
industry as well as their specific request for the inclusion of a specific root
CA.
While I don't necessarily fully support the method with
On Thu, Mar 7, 2019 at 9:52 AM Jaime Hablutzel via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I would just like to remind you all the universally accepted concept of
> "Presumption of innocence". Quoting from
> https://en.wikipedia.org/wiki/Presumption_of_innocence:
>
>
[Writing in a personal capacity, these views do not represent those of my
employer]
On Wednesday, March 6, 2019 at 7:51:21 AM UTC-8, Ryan Sleevi wrote:
>
> As it relates to TLS certificates, which is the purpose of discussion for
> this root inclusion, could you highlight or explain why "citizen
I would just like to remind you all the universally accepted concept of
"Presumption of innocence". Quoting from
https://en.wikipedia.org/wiki/Presumption_of_innocence:
>The presumption of innocence is the legal principle that one is considered
>innocent unless proven guilty. It was traditiona
I would just like to remind you all the universally accepted concept of
"Presumption of innocence". Quoting from
https://en.wikipedia.org/wiki/Presumption_of_innocence:
>The presumption of innocence is the legal principle that one is considered
>innocent unless proven guilty. It was traditional
1 - 100 of 204 matches
Mail list logo
