It seems to me that the acceptance of this root can cause great damage to
Mozilla in the future and cause great discussions in the Linux community. Is
Mozilla ready to do all this and lose the support of a large number of users in
the future? In my opinion these are the main issues.
On Friday, February 22, 2019 at 2:21:24 PM UTC-7, Wayne Thayer wrote:
> The recent Reuters report on DarkMatter [1] has prompted numerous questions
> about their root inclusion request [2]. The questions that are being raised
> are equally applicable to their current status as a subordinate CA
Posting from a personal account but commenting in a professional capacity.
Our decision not to include the list was intended for brevity's sake only. It is
a reasonable request to provide a CSV and we will do that within 24 hours.
Regarding the number of subscribers, yes in this case it is
Ryan,
Thanks for providing the update. One area that I do need to push back on is
the disclosure of the 100K certificates mentioned.
As demonstrated through past CA distrust discussions and whose need is
evidenced by past incident reports, one of the purposes of having CAs
disclose the affected
I have created a bug to track this issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=1532842
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Sleevi,
Thank you for the links to both the reporting requirements and the underscore
issue with DigiCert.
Regarding the statement about the severity of the issue, it was not intended to
diminish the non-compliance. Instead it was an attempt to frame the issue with
sufficient context to
Hi!
Just wanted to briefly comment in response to Benjamin Gabriel's statement.
On Tuesday, March 5, 2019 at 7:07:51 AM UTC-8, Benjamin Gabriel wrote:
> Marshal Erwin, director of trust and security for Mozilla, said the Reuters
> Jan. 30 report had raised concerns inside the company that
On Tue, Mar 5, 2019 at 1:58 PM Matthew Hardeman wrote:
> I suppose my initial response to the concern as presented is that it would
> seem to be a fairly trivial (just paperwork, really) matter for DarkMatter
> (or indeed any other applicant) to separate the CA into a fully separate
> legal
On Tue, Mar 5, 2019 at 1:47 PM Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear m.d.s.p,
>
> We wanted to follow-up to this thread and give an update.
>
> We have decided to replace and revoke the certificates with 63 bit serial
> numbers, so far we have
On 05/03/2019 16:11, Benjamin Gabriel wrote:
Message Body (2 of 2)
[... continued ..]
Dear Wayne
> ...
Yours sincerely,
Benjamin Gabriel
General Counsel
DarkMatter Group
As an outside member of this community (not employed by Mozilla or any
public CA), I would like to state the
On Tue, Mar 5, 2019 at 12:18 PM Ryan Sleevi wrote:
>
> I believe you may have misunderstood the details of these incidents and
> their relationship to what's currently under discussion.
>
> In the Sectigo + NSO Group, these were entities that shared common
> investment ownership, but otherwise
Dear m.d.s.p,
We wanted to follow-up to this thread and give an update.
We have decided to replace and revoke the certificates with 63 bit serial
numbers, so far we have finished about 95% of the affected certificates.
We are actively working with the remaining subscribers to replace their
On Tue, Mar 5, 2019 at 12:11 PM Matthew Hardeman via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Objections to DarkMatter on the sole basis of the actions of a sibling
> business with common owners is dangerous turf to get into, if we care about
> historic precedent.
On Tue, Mar 5, 2019 at 11:10 AM Matthew Hardeman
wrote:
>
> This means there are two recent precedents for which this category of
> issues has not resulted in delegation of trust and one proposal that the
> same category of behaviors should. I am not suggesting that a position
> against
On Tue, Mar 5, 2019 at 8:16 AM Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> You're right, there is no test. That's why some of us believe we should
> look at proxies: such as honesty, considering root membership is ultimately
> about trust. DM has made
Hi Scott,
On Tue, Mar 5, 2019, at 09:02, Scott Rea via dev-security-policy wrote:
>
> • DM has resolved all technical and policy issues raised in the UAE and
> DM Roots submission process on Mozilla list: see
> https://bugzilla.mozilla.org/show_bug.cgi?id=1427262
>
> • Since the
I am a non-technical person by far and read most of this article. What I am
wondering, is why is there no public CA authority independent of nations
elected by nations such as NATO but global?
Message Body (2 of 2)
[... continued ..]
Dear Wayne
Furthermore, it is unfortunate that Mozilla have chosen to reference
categorically misleading articles (and which continue to be recycled on
slow-news days, on an annual basis since 2016) to support the allegation of
“credible evidence”,
Message body (1 of 2)
Mozilla CA Certificate Policy Module Owner
Dear Wayne,
I am writing to provide an official response to the public discussion that you
have initiated, on mozilla.dev.security.policy, in accordance with Article 7,1
of the Mozilla Root Store Policy, on the inclusion of
On Tue, Mar 5, 2019 at 9:01 AM Scott Rea via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I have addressed most if not all of the various technical comments in this
> list in respect to DarkMatter’s Roots submission and it might be helpful if
> I summarize here the raised
I have addressed most if not all of the various technical comments in this
list in respect to DarkMatter’s Roots submission and it might be helpful if I
summarize here the raised Compliance Concerns and Risk of Misuse Concerns:
1. Compliance
Questions have been raised about DarkMatter’s
21 matches