Re: DarkMatter CAs in Google Chrome and Android
On Thu, 25 Jul 2019 13:16:44 -0500 Matthew Hardeman via dev-security-policy wrote: > Perhaps I misunderstand, but this would seem to suggest that there be > direct penalties for mere pursuit of due process. Mmm? Due process is something a minority of sovereign entities promise (though they are not always very consistent in delivering), it has no relevance to relationships between anybody else, including Mozilla, Google, Dark Matter, myself or you. And participation in Mozilla's root programme is, as the name implies, solely in Mozilla's gift, presumably likewise Google. Not getting to participate is not a "penalty". Nick. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DarkMatter CAs in Google Chrome and Android
I did not consider it useful to say it, so I didn't. But I was certainly thinking that "try... over the heads of people who make the decision" bit, when the "appeal" got posted. ;-) Is there such a thing as a right to be trusted? Interesting question... I would say there isn't, trust cannot be demanded because it's based on other things than rules and laws. CU Hans ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DarkMatter CAs in Google Chrome and Android
On Thu, Jul 25, 2019 at 4:33 AM Nick Lamb via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Surely the answer is "Yes" ? I mean, it makes strategic sense to react > to a CA which tries to appeal a trust store decision over the heads of > the people making it in exactly this way - by distrusting it. > > I think it's what I would advise an independent trust store to do in > this situation. > Perhaps I misunderstand, but this would seem to suggest that there be direct penalties for mere pursuit of due process. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DarkMatter CAs in Google Chrome and Android
On Wed, 24 Jul 2019 14:32:41 + Scott Rea via dev-security-policy wrote: > As you are aware, DarkMatter and DigitalTrust have appealed the > decision by Mozilla on the basis of multiple elements which have also > be published to the list. Has the appeal or any of the points at the > heart of that appeal been taken into account in this decision by > Google? Surely the answer is "Yes" ? I mean, it makes strategic sense to react to a CA which tries to appeal a trust store decision over the heads of the people making it in exactly this way - by distrusting it. I think it's what I would advise an independent trust store to do in this situation. Nick. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DarkMatter CAs in Google Chrome and Android
G’day Devon et al, It would appear that Chrome has implemented distrust of the UAE NPKI intermediates immediately - can you please explain the rationalization for this decision? These intermediates have been operating without issue for a few years now, what was the rationale for immediate distrust without giving DigitalTrust the opportunity to contact customers about the need to update site certificates? This is extremely distruptive and has left all public trust customers inoperable unless their customers swap to a browser other than Chrome. Can you please outline the justification behind this? Regards, -Scott Sent from my iPhone Scott Rea | Senior Vice President - Trust Services Tel: +971 2 417 1417 | Mob: +971 52 847 5093 scott@darkmatter.ae The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. > On Jul 24, 2019, at 10:42 AM, Scott Rea via dev-security-policy > wrote: > > Caution: This email originated from outside DarkMatter. Do not click links or > open attachments unless you recognize the sender and believe the content is > safe. > > -- > > G’day Devon et al, > > Can you please detail the reason behind Google withdrawing trust for the UAE > NPKI intermediates? > Can you also please provide the timeline for the in-band delivery of the > restriction by Google? As you can imagine this will have catastrophic impact > for existing customers and we would like to provide them a reasonable plan to > manage the transition. > > As you are aware, DarkMatter and DigitalTrust have appealed the decision by > Mozilla on the basis of multiple elements which have also be published to the > list. Has the appeal or any of the points at the heart of that appeal been > taken into account in this decision by Google? > > Regards, > -Scott > > On 7/23/19, 11:02 PM, "dev-security-policy on behalf of Devon O'Brien via > dev-security-policy" of dev-security-policy@lists.mozilla.org> wrote: > >(Writing on behalf of Google Chrome and Android) > >On behalf of Google Chrome and Android, we would like to thank the > participants that have contributed to the discussion on the broader M.D.S.P > thread on this topic. We will be taking similar steps to those proposed by > Wayne and approved by Kathleen, in that we will be removing trust in the > DarkMatter-operated intermediates across Google Chrome and Android and we > will not be including DarkMatter’s proposed new root certificates. We > anticipate these changes will be delivered via our existing in-band delivery > mechanisms to clients and require no user action. > > > Scott Rea | Senior Vice President - Trust Services > Tel: +971 2 417 1417 | Mob: +971 52 847 5093 > scott@darkmatter.ae > > The information transmitted, including attachments, is intended only for the > person(s) or entity to which it is addressed and may contain confidential > and/or privileged material. Any review, retransmission, dissemination or > other use of, or taking of any action in reliance upon this information by > persons or entities other than the intended recipient is prohibited. If you > received this in error, please contact the sender and destroy any copies of > this information. > > ___ >dev-security-policy mailing list >dev-security-policy@lists.mozilla.org >https://lists.mozilla.org/listinfo/dev-security-policy > > > > > > > > > > > > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: DarkMatter CAs in Google Chrome and Android
G’day Devon et al, Can you please detail the reason behind Google withdrawing trust for the UAE NPKI intermediates? Can you also please provide the timeline for the in-band delivery of the restriction by Google? As you can imagine this will have catastrophic impact for existing customers and we would like to provide them a reasonable plan to manage the transition. As you are aware, DarkMatter and DigitalTrust have appealed the decision by Mozilla on the basis of multiple elements which have also be published to the list. Has the appeal or any of the points at the heart of that appeal been taken into account in this decision by Google? Regards, -Scott On 7/23/19, 11:02 PM, "dev-security-policy on behalf of Devon O'Brien via dev-security-policy" wrote: (Writing on behalf of Google Chrome and Android) On behalf of Google Chrome and Android, we would like to thank the participants that have contributed to the discussion on the broader M.D.S.P thread on this topic. We will be taking similar steps to those proposed by Wayne and approved by Kathleen, in that we will be removing trust in the DarkMatter-operated intermediates across Google Chrome and Android and we will not be including DarkMatter’s proposed new root certificates. We anticipate these changes will be delivered via our existing in-band delivery mechanisms to clients and require no user action. Scott Rea | Senior Vice President - Trust Services Tel: +971 2 417 1417 | Mob: +971 52 847 5093 scott@darkmatter.ae The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
DarkMatter CAs in Google Chrome and Android
(Writing on behalf of Google Chrome and Android) On behalf of Google Chrome and Android, we would like to thank the participants that have contributed to the discussion on the broader M.D.S.P thread on this topic. We will be taking similar steps to those proposed by Wayne and approved by Kathleen, in that we will be removing trust in the DarkMatter-operated intermediates across Google Chrome and Android and we will not be including DarkMatter’s proposed new root certificates. We anticipate these changes will be delivered via our existing in-band delivery mechanisms to clients and require no user action. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy