On Thu, Mar 07, 2019 at 05:17:07AM +0000, Benjamin Gabriel via 
dev-security-policy wrote:
> On Wednesday, March 6, 2019 7:51 PM, Ryan Sleevi wrote:
> >    DarkMatter response to the serial number issue has demonstrated
> >    that DarkMatter did not do the expected due diligence to investigate
> >    and understand the issue.
> 
> Your statement as Google's representative is quite disingenuous and
> self-serving.  As a new member of the CABForum, we were not privy to the
> discussions for Ballot 164, and have interpreted the Baseline Requirements
> as they were written.

I explained[1] how repeatedly asking an RNG for a 64-bit number that meets
certain criteria is not 64 bits of output from said RNG.  Coming to that
conclusion doesn't require a history lesson.

Making the mistake isn't the real problem, though.  Mistakes happen.  It is
how the mistake is responded to which is important.  DarkMatter's
representative persisted in trying to pretend there wasn't a problem when
there was.  That does not show the sort of openness to improvement which I,
at least, would prefer to see in a globally-trusted CA.

> >    You have highlighted that you believe such articles are misleading,
> >     but there  are a number of unresponded questions to past replies
> >     that seek to better understand.
> 
> I am glad that you brought this up directly with me - and in this public
> discussion.  Ryan, you have been one of the individuals who have been
> persistent in spreading this false narrative - as far back as February
> 2018 - during our initial submission to CABForum.  We have duly noted and
> have been aware of your persistent attempts to interfere with our
> contractual relations.  Your employer should know that we have had to
> expend considerable effort to defend against your back-room politicking,
> and defamatory innuendos, about the nature of our business.

I'm curious how you think that throwing around veiled threats of legal
action against one of the more widely-respected members of this community is
going to encourage people to trust your organisation *more*.

- Matt

[1] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/c6HoK97RBQAJ

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
