While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters’ report raised concerns about whether DarkMatter would abuse that authority.
Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks.
30 report had raised concerns inside the company that DarkMatter might use Mozilla’s certification authority for “offensive cybersecurity purposes rather than the intended purpose of creating a more secure, trusted web.”
Websites that want to be designated as secure have to be certified by an outside organization, which will confirm their identity and vouch for their security. The certifying organization also helps secure the connection between an approved website and its users, promising the traffic will not be intercepted.
Mozilla is seen by security experts as a respected leader in the field and particularly transparent because it conducts much of the process in public, posting the documentation it receives and soliciting comments from internet users before making a final decision.
That would take it to a new level, making it one of fewer than 60 core gatekeepers for the hundreds of millions of Firefox users around the world.
Deckelmann said Mozilla is worried that DarkMatter could use the authority to issue certificates to hackers impersonating real websites, like banks.
“You look at the facts of the matter, the sources that came out, it’s a compelling case,” said Deckelmann.