My view is a bit different, we have lots of CAs already, I think it is more important to be extra secure rather than to take unnecessary risks. While I do understand that Dark Matter's focus is on the UAE, I also have to say, as far as I am aware, there are multiple CAs that will issue certs to people in the UAE. That would be my view if I knew nothing else about DarkMatter, but due to the stuff piling up against them I have to say this, why take the risk? At some point we have to go and think about other parts than purely technical capability, and there seems to be evidence that Dark Matter has done sketchy stuff in the past. This all makes it hard for me to personally justify why the DM should be included. While I don't like making it hard for new competitors to enter, the CA market is quite special where everyone has to behave properly otherwise the system doesn't work.
And even if this is just concerns and nothing actually happened, why should they be included? A CA has to be trusted, if people who work with this don't trust them, I don't see why they should be included. - Cynthia On Sun, Jun 23, 2019 at 6:44 PM Nadim Kobeissi via dev-security-policy < email@example.com> wrote: > That article doesn’t seem to say anything new about Dark Matter that > hasn’t been reported before, doesn’t present evidence and doesn’t cite > sources. Furthermore the article appears to allege that Dark Matter > “discussed” potentially targeting The Intercept, not that it “tried to hack > several of their employees”. To wit, from the article: > > "It is not clear if an attack against The Intercept was ever carried out." > > I understand the concerns regarding Dark Matter but uncertainty shouldn’t > lead to this level of low quality arguments. I still hope that stronger > evidence against Dark Matter will come forward so that this can be settled > once and for all. > > Nadim Kobeissi > Symbolic Software • https://symbolic.software > Sent from office > > > On Jun 21, 2019, at 7:43 PM, coop...@gmail.com wrote: > > > > This thread hasn't been updated in a while so I'm not sure what the > status is of dark matter being accepted but I thought this was a relevant > update. The, US based reporting agency The Intercept recently issued a > report claiming that Dark Matter has tried to hack several of their > employees. > https://theintercept.com/2019/06/12/darkmatter-uae-hack-intercept/ > > > > I'm sure that Dark Matter will claim this is "fake news" as they have > previously, but I'm not inclined to believe that The Intercept would > publish a story of this magnitude without fact checking and unless they > were 100% sure of it. At this point I feel that there is a preponderance of > evidence that Dark Matter are bad faith actors and would significantly > diminish the trustworthiness of the CA system if they were to be included. > > _______________________________________________ > dev-security-policy mailing list > firstname.lastname@example.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy