
Mozilla blocks UAE bid to become an internet security guardian - coloneltcb
https://www.reuters.com/article/us-usa-cyber-mozilla-idUSKCN1U42CA
======
ziddoap
I've been watching the emails roll in on the mailing list regarding this for
awhile now [1], and this article seems to take some liberties in order to make
the story more sensational than it really is. I highly suggest anyone
interested read the linked thread.

In that thread, Nadim Kobeissi of Symbolic Software makes some valid
criticisms of the article:

> _The article makes the following claims:_

> _Mozilla blocked the United Arab Emirates government (not DarkMatter!),from
> becoming an "Internet security guardian" or "Internet security gatekeeper",
> as a result of the Reuters report on DarkMatter. I have no idea what that
> means._

> _Mozilla blocked the United Arab Emirates from becoming a "globally
> recognized Internet security watchdog". Again, I am not sure what that means
> or how that represents DarkMatter's attempts to justify its CA status._

> _Mozilla cited the existence of "credible evidence" to Reuters, despite us
> establishing in this thread that no evidence whatsoever has been presented
> so far and that we're still waiting for it._

Earlier today, Nadim Kobeissi also had a fairly thought provoking critique on
the current decision making process regarding inclusions in light of this
decision, which I think raise some valid concerns and is worth taking to
heart.

[1][https://groups.google.com/forum/#!topic/mozilla.dev.security...](https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/nnLVNfqgz7g%5B151-175%5D)

~~~
qtplatypus
Shouldn’t the default be that an entity wishing to be a CA be untrusted and it
has to present sufficient everdence to be regarded as trustworthy? Given the
dangers of a rouge CA vs the smaller downside of it failing to be regarded as
trusted it seems that if there is any rational doubt as to trustworthiness
then you shouldn’t add it to the trusted list.

~~~
ziddoap
Valid point and definitely discussed in the mailing list by people much more
intelligible on the subject than I. I was more pointing out that the article
doesn't really capture the actual conversation on the mailing list.

