On Thu, Mar 7, 2019, 4:29 PM Ryan Sleevi <[email protected]> wrote: > > On Thu, Mar 7, 2019 at 10:18 AM nadim--- via dev-security-policy < > [email protected]> wrote: > >> I think we're all choosing to kid ourselves here if we continue to say >> that the underlying impetus for this discussion isn't primarily >> sociopolitical. The sooner an end is put to this, the better. >> > > I don't think it's productive nor charitable to suggest that the > participants are behaving disingenuously, especially when it's been > repeatedly highlighted that the concerns are not and have not been > sociopolitical in nature. This seems unnecessarily dismissive of the > discussion to date, and likely prevents productive discourse. >
I'm not at all suggesting that any folks are behaving disingenuously. I'm just saying that it probably would be useful to admit that at this point, this discussion has become driven by concerns against Dark Matter that are largely informed from their previous work, journalistic reporting on said work, the fact that they're based in the UAE, etc. This isn't an indicator of disingenuous behavior or anything like that. It's just distracting from progress and that was my point. > >> by either Mozilla, the CABForum, or both >> > > I just want to highlight that the CA/Browser Forum has absolutely no > relevance to this discussion or matter, nor has it ever. The CA/Browser > Forum is merely a discussion forum for examining common baseline technical > requirements. It is not, nor has it ever, been an appropriate place to > discuss the inclusion, exclusion, or trustworthiness of given entities, and > has zero bearing whatsoever in the security and policy decisions > application software vendors may produce. > Thanks for clarifying this. I'm regardless still wondering if it would be better to move forward in the way that I'm proposing: presenting a documented process through which a set of empirical, falsifiable, achievable requirements for DarkMatter to fulfill so that they can be considered for inclusion. If these requirements are (1) defined fairly and (2) achieved by DarkMatter verifiably, then great. Otherwise, too bad. You're the expert, Ryan, and so I ask: isn't this the right way to move forward? How can we pivot in this direction, so that the discussion becomes more fair and appropriate for all parties? > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
