Benjamin, There is one theme in all of your responses and it's perfectly clear that you feel strongly that this discussion as a whole is an attack not only on DarkMatter's operations but on the United Arab Emirates sovereignty right to able to have a root included in the Mozilla root store and use of a non-constrained intermediate. You're constantly framing your responses to discredit and attack well respected, fair and honest individuals by stating that they are peddling hidden agenda against DarkMatter and United Arab Emirates which is clearly false. There motives are to protect Mozilla users around the world and to do this they are objectively looking at all of the reports from multiple news organizations, previous and on going discussions on here and other places to determent if DarkMatter's operations are truly trustworthy to the highest degree. Remember, money can't buy trustworthiness it must be earned by showing clearly the true face of the operations within the organization. Next.
The CAB Forum current and previous ballots and discussions are public knowledge and by stating that DarkMatter couldn't have known about these discussions or ballots is porkies. What you are really saying to everyone is that DarkMatter couldn't be bothered to search though the CAB Forum's previous discussions and ballots which demonstrates an amateurish operation at heart. Being a CA is a serious operation and as such they are expected in the eyes to everyone that should know every policy, every current and previous ballot, every rfc standard, etc which affect the CA operationally. Next. There isn't any monopoly that prevents citizens and organizations in the United Arab Emirates to get certificates from CAs and they are not expensive. Let's Encrypt provides free domain validated certificates to everyone around the world. Next. Thank you, Burton On Thu, Mar 7, 2019 at 8:09 AM Benjamin Gabriel via dev-security-policy < [email protected]> wrote: > Dear Ryan, > > A fair and transparent public discussion requires full disclosure of each > participant's motivations and ultimate agenda. Whether in CABForum, or > Mozilla-dev-security-policy, I represent the viewpoints of my employer > DarkMatter and passionately believe in our unflagging efforts to provide > the citizens, residents and visitors to the United Arab Emirates with the > same internet security and privacy protections that are taken for granted > in other parts of the world. > > On Wednesday, March 6, 2019 7:51 PM, Ryan Sleevi wrote: > > (Writing in a personal capacity) > > Until such time as we have been formally advised by your employer > (Google), that you no longer represent their views in CABForum, or in this > Mozilla-dev-security-policy forum, we will proceed on the basis that all of > your statements are the official viewpoint of your employer (Google). > > > I highlight this, because given the inherently global nature of the > > Internet, there is no technical need to work with local CAs, and, > > with a well-run root store, all CAs provide an equivalent level of > > protection and security, which rests in the domain authorization > > We reject your paternalistic view that there is no technical need for a > local United Arab Emirates CA. Our own research has determined that > approximately 68% of the websites in the United Arab Emirates are not > adequately protected for HTTPS traffic (double the global average). If > those incumbent CA monopolies that you champion were doing such a great job > globally - why such a stark difference? > > We are of the view that CA monopolies are inherently bad for the internet > in that they unfairly exploit market power. The result is a fundamental > right to Internet security and privacy being deliberately priced out of > reach for a significant population of the world. We ask you, what can be > more an anti-competitive monopoly than a "well run store" (read > Google/Mozilla) that does not take into consideration that sovereign > nations have the fundamental right to provide digital services to their own > citizens, utilizing their own national root, without being held hostage by > a provider situated in another nation. You should note that DarkMatter's > request is also for the inclusion of UAE's national root. > > > DarkMatter response to the serial number issue has demonstrated > > that DarkMatter did not do the expected due diligence to investigate > > and understand the issue. > > Your statement as Google's representative is quite disingenuous and > self-serving. As a new member of the CABForum, we were not privy to the > discussions for Ballot 164, and have interpreted the Baseline Requirements > as they were written. We have made the necessary incident report and > corrections. [1] We note that your own employer, Google, also discovered > that it had the same entropy non-compliance with its serial numbers (as a > result of the DarkMatter discussions highlighting it to them), and we > presume that hundreds of thousands of certificate's would be affected > globally (in comparison to the less than 300 impacted DarkMatter > certificates).[2] Clearly the risk to users is larger in the Google case. > Are you also going to accuse your employer (Google) as not having > undertaken "the expected due diligence to investigate and understand the > issue" that you demand from DarkMatter, and call for the same sanctions > against Google that you wish to impose on DarkMatter? > > Does the Mozilla foundation stand by this double-standard because Google > is one of its significant donors, and its default search engine? Reports > indicate that in 2014, 90% of Mozilla's royalties revenue was derived from > its contract with Google. We understand that the relationship persists > today. [3] Transparency in a public discussion requires full disclosure and > transparency from all - not just DarkMatter. > > > You have highlighted that you believe such articles are misleading, > > but there are a number of unresponded questions to past replies > > that seek to better understand. > > I am glad that you brought this up directly with me - and in this public > discussion. Ryan, you have been one of the individuals who have been > persistent in spreading this false narrative - as far back as February 2018 > - during our initial submission to CABForum. We have duly noted and have > been aware of your persistent attempts to interfere with our contractual > relations. Your employer should know that we have had to expend > considerable effort to defend against your back-room politicking, and > defamatory innuendos, about the nature of our business. > > For the record, there are simply two (2) articles, which cite defamatory > and categorically false sources, making utterly baseless allegations about > DarkMatter's purpose and mission. These two narratives have been recycled > repeatedly by journalists seeking a lurid and sensationalist myth-making > angle on our purpose and mission. Repeating a lie ad-nauseam does not make > it true. CA representatives (including the Mozilla representatives who > have chosen to pre-judge DarkMatter using the same media sources ) do a > great disservice to the idea of "trust" - when they persist in a concerted > effort to accelerate this false narrative about DarkMatter, a commercial CA > business head-quartered in the United Arab Emirates. > > Read my statement carefully: there are no ambiguities or loopholes in our > categorical denials of any false claim made about DarkMatter in these > misleading articles. These claims are baseless and have nothing to do with > DarkMatter. > > It is very clear to us that your paternalistic dismissal of the need for > regional or "local CAs" seems to indicate a hidden motivation: less CA's > offering competitive services in the marketplace. Our view is clear and > unambiguous: when CA's, or Root Store operators use their participation in > the these process - in a manner that is intended to arbitrarily and > without any valid proof, restrict or impede the inclusion of DarkMatter > certificates, they are colluding to create an economic environment that is > contrary to anti-trust laws. > > > Benjamin Gabriel > General Counsel > Dark Matter Group > > > > Benjamin Gabriel | General Counsel & SVP Legal > Tel: +971 2 417 1417 | Mob: +971 55 260 7410 > [email protected] > > The information transmitted, including attachments, is intended only for > the person(s) or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon > this information by persons or entities other than the intended recipient > is prohibited. If you received this in error, please contact the sender and > destroy any copies of this information. > > > > > > > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
