Steven D'Aprano <st...@pearwood.info>:

> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>> Here's an idea: an authentication is considered valid if it is
>> vouched for by the United States, China, Russia *and* the European
>> Union. Those governments are the only entities that would have the
>> right to delegate their respective certification powers to private
>> entities.
>
> An interesting mix of:
>
> - one explicitly non-democratic one-party state;
> - one nominally democratic but de facto autocratic state;
> - one nominally democratic but de facto two-party corporatocracy;
> - one supranational union of states;

Yes, the same principles that make the UN do a lot of good in the world
despite those shortcomings.

> If you gave them veto power over all certificate authorities (since
> you need all four to agree, any of them can veto a CA),

No, they wouldn't be able to veto a CA. At worst, they would be able to
refuse you a certificate. If they did that, they would risk being
dropped from the power pool.

>> The governments would also offer to certify anybody in the world free
>> of charge.
>
> Why would they do that?

They would have something to gain and something to lose:

 1. They would gain protection for their citizens and companies against
    foreign MitM attacks.

 2. They would lose the power to perform MitM attacks on their own
    citizens.

Unfortunately, the governments of the world fear their own citizens more
than each other, so they would likely not go with the kind of plan I
presented.

At the moment any sovereign government and sizeable criminal outfit can
cook up valid certificates for any website in the world. That's because
each CA is trusted completely.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list