Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist(zdnet.com)
zdnet.com
Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist
https://www.zdnet.com/article/surveillance-firm-asks-mozilla-to-be-included-in-firefoxs-certificate-whitelist/
13 comments
Yes, they should be troubled by whether they should even bother to explain why they have rejected it, and removed the QuoVadis authorities.
Agonizing over whether to let them in suggests they have let in other questionable entities. "Fairness" is a smokescreen. Nobody honest needs a certificate from a dodgy authority, and nobody with a certificate from a dodgy authority deserves benefit of doubt.
Agonizing over whether to let them in suggests they have let in other questionable entities. "Fairness" is a smokescreen. Nobody honest needs a certificate from a dodgy authority, and nobody with a certificate from a dodgy authority deserves benefit of doubt.
it's a recipe for disaster :(
there are some standards which companies have to comply with in order to be considered a "trustworthy" provider (e.g. for CA's)
https://www.etsi.org/technologies/digital-signature/certific...
I doubt that DarkMatter has any of this (not that this would reduce the risk but it could be used as an argument by Mozilla considering they're stuck between a rock and a hard place.
there are some standards which companies have to comply with in order to be considered a "trustworthy" provider (e.g. for CA's)
https://www.etsi.org/technologies/digital-signature/certific...
I doubt that DarkMatter has any of this (not that this would reduce the risk but it could be used as an argument by Mozilla considering they're stuck between a rock and a hard place.
The rules are the rules. They want to follow the rules. If they don't follow the rules, they'll be making an exception. What's the point on having rules if you make exceptions?
Because most of the time the rules are in effect, except for the exceptions.
Rules exist for the purpose they serve, functions they allow to be easier and cheaper. Rules are not made so that rules have been made.
Rules exist for the purpose they serve, functions they allow to be easier and cheaper. Rules are not made so that rules have been made.
While I agree with Mozilla's decision, the reason that there are rules is so that it isn't arbitrary. Who is to say who is trustworthy? What if Mozilla wants to charge a fee or else they will remove someone?
Those circumstances would easily fall under the purpose they serve.
Those circumstances would easily fall under the purpose they serve.
Rules reduce expense, leaving resources to deal with exceptional cases. Applying rules to exceptional cases makes a mockery of both the rules and the organization applying them.
... Hurries to delete QuoVadis and Chinese gov authorities from my Firefox trusted lists.
Seems like I did this a few years back, on a previous system.
Seems like I did this a few years back, on a previous system.
I just did this on my work laptop; is there a way to replicate my certificate lists (or, at best, the deltas)?
> Chinese gov authorities
How would I identify these?
> Chinese gov authorities
How would I identify these?
Play stupid games, win stupid prizes.