In an interesting development, the security team at Mozilla has been caught in a dilemma in the light of a new request to add a known surveillance vendor to Firefox’s internal list of approved HTTPS certificate issuers, according to a report by ZDNet.
The vendor, which goes by the name of DarkMatter, is a cybersecurity firm based in the United Arab Emirates and has a background of selling surveillance services to oppressive regimes in the Middle East.
It is worthwhile to note here that the vendor filed a bug report requesting that its own root certificates be added to Firefox’s certificate store.
Certificate Authorities (CAs) are the entities that are approved to issue TLS certificates. With the help of the certificate store, Mozilla knows what to trust when it is loading encrypted content inside Firefox. This is very similar to what Google, Microsoft, and Apple do when they load encrypted content inside Safari, macOS, Chrome, Chrome OS, Edge, IE, and Windows.
The case is not as simple as it appears on the surface, as DarkMatter has been involved in some shady deals in the past. On one hand, Mozilla is feeling the heat from the likes of the Electronic Frontier Foundation, Amnesty International, and others to decline DarkMatter’s request, while on the other hand, DarkMatter claims it has never abused its TLS certificate issuance powers for anything dubious.
Speaking about the situation, EFF’s Cooper Quintin said in the Google Groups discussions:
“Given DarkMatter’s business interest in intercepting TLS communications adding them to the trusted root list seems like a very bad idea. I would go so far as revoking their intermediate certificate as well, based on these revelations.”
As per ZDNet, the company was not aware of DarkMatter’s patchy history at the time it applied for the role. According to a Reuters report last month, DarkMatter was involved in helping the Saudi Government spy on dissidents.
Mozilla has now opened a new Google Groups discussion to gather more feedback from the community in an attempt to reach a conclusion regarding the future of DarkMatter.