Re: DarkMatter Concerns

2019-02-22 Thread cooperq--- via dev-security-policy
On Friday, February 22, 2019 at 2:37:20 PM UTC-8, Jonathan Rudenberg wrote:
> With regards to the broader question, I believe that DarkMatter's alleged 
> involvement with hacking campaigns is incompatible with operating a 
> trustworthy CA. This combined with the existing record of apparent 
> incompetence by DarkMatter (compare the inclusion bugs for other recently 
> approved CAs for contrast), makes me believe that the approval request should 
> be denied and the existing intermediates revoked via OneCRL. I don't see how 
> approving them, or the continued trust in their intermediates, would be in 
> the interests of Mozilla's users or compatible with the Mozilla Manifesto.
> 
> Jonathan
> 
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c29
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1427262#c32

I wrote a post about this issue this morning for EFF: 
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else

Given DarkMatter's business interest in intercepting TLS communications, adding 
them to the trusted root list seems like a very bad idea. (I would go so far as 
revoking their intermediate certificate as well, based on these revelations.)
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: DarkMatter Concerns

2019-06-22 Thread cooperq--- via dev-security-policy
This thread hasn't been updated in a while, so I'm not sure what the status is 
of Dark Matter being accepted, but I thought this was a relevant update. The 
US-based reporting agency The Intercept recently issued a report claiming that 
Dark Matter has tried to hack several of their employees. 
https://theintercept.com/2019/06/12/darkmatter-uae-hack-intercept/

I'm sure that Dark Matter will claim this is "fake news" as they have 
previously, but I'm not inclined to believe that The Intercept would publish a 
story of this magnitude without fact checking and unless they were 100% sure of 
it. At this point I feel that there is a preponderance of evidence that Dark 
Matter are bad faith actors and would significantly diminish the 
trustworthiness of the CA system if they were to be included.