Benjamin, There is one theme in all of your responses and it's perfectly clear that you feel strongly that this discussion as a whole is an attack not only on DarkMatter's operations but on the United Arab Emirates sovereignty right to able to have a root included in the Mozilla root store and use of a non-constrained intermediate. You're constantly framing your responses to discredit and attack well respected, fair and honest individuals by stating that they are peddling hidden agenda against DarkMatter and United Arab Emirates which is clearly false. There motives are to protect Mozilla users around the world and to do this they are objectively looking at all of the reports from multiple news organizations, previous and on going discussions on here and other places to determent if DarkMatter's operations are truly trustworthy to the highest degree. Remember, money can't buy trustworthiness it must be earned by showing clearly the true face of the operations within the organization. Next.
The CAB Forum current and previous ballots and discussions are public knowledge and by stating that DarkMatter couldn't have known about these discussions or ballots is porkies. What you are really saying to everyone is that DarkMatter couldn't be bothered to search though the CAB Forum's previous discussions and ballots which demonstrates an amateurish operation at heart. Being a CA is a serious operation and as such they are expected in the eyes to everyone that should know every policy, every current and previous ballot, every rfc standard, etc which affect the CA operationally. Next. There isn't any monopoly that prevents citizens and organizations in the United Arab Emirates to get certificates from CAs and they are not expensive. Let's Encrypt provides free domain validated certificates to everyone around the world. Next. Thank you, Burton On Thu, Mar 7, 2019 at 9:54 AM Matt Palmer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thu, Mar 07, 2019 at 05:17:07AM +0000, Benjamin Gabriel via > dev-security-policy wrote: > > On Wednesday, March 6, 2019 7:51 PM, Ryan Sleevi wrote:> > > > DarkMatter response to the serial number issue has demonstrated > > > that DarkMatter did not do the expected due diligence to investigate > > > and understand the issue. > > > > Your statement as Google's representative is quite disingenuous and > > self-serving. As a new member of the CABForum, we were not privy to the > > discussions for Ballot 164, and have interpreted the Baseline > Requirements > > as they were written. > > I explained[1] how repeatedly asking an RNG for a 64-bit number that meets > certain criteria is not 64 bits of output from said RNG. Coming to that > conclusion doesn't require a history lesson. > > Making the mistake isn't the real problem, though. Mistakes happen. It is > how the mistake is responded to which is important. DarkMatter's > representative persisted in trying to pretend there wasn't a problem when > there was. That does not show the sort of openness to improvement which I, > at least, would prefer to see in a globally-trusted CA. > > > > You have highlighted that you believe such articles are misleading, > > > but there are a number of unresponded questions to past replies > > > that seek to better understand. > > > > I am glad that you brought this up directly with me - and in this public > > discussion. Ryan, you have been one of the individuals who have been > > persistent in spreading this false narrative - as far back as February > > 2018 - during our initial submission to CABForum. We have duly noted and > > have been aware of your persistent attempts to interfere with our > > contractual relations. Your employer should know that we have had to > > expend considerable effort to defend against your back-room politicking, > > and defamatory innuendos, about the nature of our business. > > I'm curious how you think that throwing around veiled threats of legal > action against one of the more widely-respected members of this community > is > going to encourage people to trust your organisation *more*. > > - Matt > > [1] > https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/c6HoK97RBQAJ > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy