Mozilla boots alleged snoop troupe from its root cert coop: UAE-based DarkMatter thrown onto CA blocklist | 7/9/2019 | Staff
nallynally (Posted by) Level 4
Click For Photo:

Mozilla on Tuesday added digital certificates belonging to security biz DarkMatter and its subsidiaries to Firefox's OneCRL blocklist, based on concerns that the UAE-based company will misuse its power as a certificate authority (CA) to intercept online communications.

In a post to Mozilla's security policy forum, Wayne Thayer, certification authority program manager for the public benefit browser and software maker, said multiple independent reports have raised credible allegations that DarkMatter has been involved in spying.

Arguments - Sides - Decision - Trust - DarkMatter

"While there are solid arguments on both sides of this decision, it is reasonable to conclude that continuing to place trust in DarkMatter is a significant risk to our users," said Thayer.

"I will be opening a bug requesting the distrust of DarkMatter’s subordinate CAs pending Kathleen’s concurrence. I will also recommend denial of the pending inclusion request, and any new requests from DigitalTrust."

DigitalTrust - Name - DarkMatter - CA - Business

DigitalTrust is the name of DarkMatter's CA business; "Kathleen" refers to Mozilla program manager Kathleen Wilson.

Web browsers depend on a list of authorities that vouch for the authenticity and integrity of the digital certificates presented by websites. An untrustworthy CA could issue a fake certificate to a website that allowed it to spy on interactions between the site and its visitors, even if the connection appeared to be secure.

DarkMatter - Certificate - Authority - Years - January

DarkMatter has been trying to become a root certificate authority for the past two years. In January, Reuters reported that DarkMatter personnel assisted in a...
(Excerpt) Read more at:
Wake Up To Breaking News!
He is faithful!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!