On Thursday, March 7, 2019 at 11:14:46 AM UTC-5, Matthew Hardeman wrote:
> On Thu, Mar 7, 2019 at 10:10 AM Ken Myers (personal capacity) via
> dev-security-policy wrote:
>
> > Is the issue that a Dark Matter business unit may influence the Dark
> > Matter Trust Services (a separate unit, but part of the same company) to
> > issue certificates for malicious purposes?
> >
> > or is it a holistic corporate ethics issue (in regards to Mozilla
> > community safety) of a Mozilla-trusted service operated within a company
> > that sells offensive cyber services?
> >
>
> This particular question is one that I'd very much like to see the program
> address officially. I personally reject the "corporate ethics issue" as
> inappropriate to this domain, but I don't really get a vote.
I didn't see anything in the articles posted about the offensive cyber services
using certificates from the Dark Matter CA unless it is implied that Dark
Matter will use Dark Matter certificates to perform offensive actions a la
Stuxnet or something like that.
If that is not implied, then it seems it is a broader ethics issue of a trust
service operated within a company selling offensive cyber services.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy