On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote: > Johannes Bauer <dfnsonfsdu...@gmx.de>: > >> I dislike CAs as much as the next guy. But the problem of distributing >> trust is just not easy to solve, a TTP is a way out. Do you have an >> alternative that does not at the same time to providing a solution >> also opens up obvious attack surface? > > Here's an idea: an authentication is considered valid if it is vouched > for by the United States, China, Russia *and* the European Union. Those > governments are the only entities that would have the right to delegate > their respective certification powers to private entities.
An interesting mix of: - one explicitly non-democratic one-party state; - one nominally democratic but de facto autocratic state; - one nominally democratic but de facto two-party corporatocracy; - one supranational union of states; If you gave them veto power over all certificate authorities (since you need all four to agree, any of them can veto a CA), I'm not sure that they would necessarily agree on *any* CAs. Especially since at least two of them would be looking for any opportunity to subvert the system for the purposes of espionage and mass surveillance. I also don't see any reason why national governments would give up their existing certification powers. > The governments would also offer to certify anybody in the world free of > charge. Why would they do that? -- Steven -- https://mail.python.org/mailman/listinfo/python-list