My view is a bit different, we have lots of CAs already, I think it is more
important to be extra secure rather than to take unnecessary risks.
While I do understand that Dark Matter's focus is on the UAE, I also have
to say, as far as I am aware, there are multiple CAs that will issue certs
to people in the UAE.
That would be my view if I knew nothing else about DarkMatter, but due to
the stuff piling up against them I have to say this, why take the risk?
At some point we have to go and think about other parts than purely
technical capability, and there seems to be evidence that Dark Matter has
done sketchy stuff in the past.
This all makes it hard for me to personally justify why the DM should be
included.
While I don't like making it hard for new competitors to enter, the CA
market is quite special where everyone has to behave properly otherwise the
system doesn't work.
And even if this is just concerns and nothing actually happened, why should
they be included? A CA has to be trusted, if people who work with this
don't trust them, I don't see why they should be included.
- Cynthia
On Sun, Jun 23, 2019 at 6:44 PM Nadim Kobeissi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> That article doesn’t seem to say anything new about Dark Matter that
> hasn’t been reported before, doesn’t present evidence and doesn’t cite
> sources. Furthermore the article appears to allege that Dark Matter
> “discussed” potentially targeting The Intercept, not that it “tried to hack
> several of their employees”. To wit, from the article:
>
> "It is not clear if an attack against The Intercept was ever carried out."
>
> I understand the concerns regarding Dark Matter but uncertainty shouldn’t
> lead to this level of low quality arguments. I still hope that stronger
> evidence against Dark Matter will come forward so that this can be settled
> once and for all.
>
> Nadim Kobeissi
> Symbolic Software • https://symbolic.software
> Sent from office
>
> > On Jun 21, 2019, at 7:43 PM, coop...@gmail.com wrote:
> >
> > This thread hasn't been updated in a while so I'm not sure what the
> status is of dark matter being accepted but I thought this was a relevant
> update. The, US based reporting agency The Intercept recently issued a
> report claiming that Dark Matter has tried to hack several of their
> employees.
> https://theintercept.com/2019/06/12/darkmatter-uae-hack-intercept/
> >
> > I'm sure that Dark Matter will claim this is "fake news" as they have
> previously, but I'm not inclined to believe that The Intercept would
> publish a story of this magnitude without fact checking and unless they
> were 100% sure of it. At this point I feel that there is a preponderance of
> evidence that Dark Matter are bad faith actors and would significantly
> diminish the trustworthiness of the CA system if they were to be included.
>
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
