On Thursday, March 7, 2019 at 11:14:46 AM UTC-5, Matthew Hardeman wrote: > On Thu, Mar 7, 2019 at 10:10 AM Ken Myers (personal capacity) via > dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > > Is the issue that a Dark Matter business unit may influence the Dark > > Matter Trust Services (a separate unit, but part of the same company) to > > issue certificates for malicious purposes? > > > > or is it a holistic corporate ethics issue (in regards to Mozilla > > community safety) of a Mozilla-trusted service operated within a company > > that sells offensive cyber services? > > > > This particular question is one that I'd very much like to see the program > address officially. I personally reject the "corporate ethics issue" as > inappropriate to this domain, but I don't really get a vote.
I didn't see anything in the articles posted about the offensive cyber services using certificates from the Dark Matter CA unless it is implied that Dark Matter will use Dark Matter certificates to perform offensive actions a la Stuxnet or something like that. If that is not implied, then it seems it is a broader ethics issue of a trust service operated within a company selling offensive cyber services. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
