Steven D'Aprano <st...@pearwood.info>:

> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>> Here's an idea: an authentication is considered valid if it is
>> vouched for by the United States, China, Russia *and* the European
>> Union. Those governments are the only entities that would have the
>> right to delegate their respective certification powers to private
>> entities.
>
> An interesting mix of:
>
> - one explicitly non-democratic one-party state;
> - one nominally democratic but de facto autocratic state;
> - one nominally democratic but de facto two-party corporatocracy;
> - one supranational union of states;

Yes, the same principles that make the UN do a lot of good in the world
despite those shortcomings.

> If you gave them veto power over all certificate authorities (since
> you need all four to agree, any of them can veto a CA),

No, they wouldn't be able to veto a CA. At worst, they would be able to
refuse you a certificate. If they did that, they would risk being
dropped from the power pool.

>> The governments would also offer to certify anybody in the world free
>> of charge.
>
> Why would they do that?

They would have something to gain and something to lose:

 1. They would gain protection for their citizens and companies against
    foreign MitM attacks.

 2. They would lose the power to perform MitM attacks on their own
    citizens.

Unfortunately, the governments of the world fear their own citizens more
than each other, so they would likely not go with the kind of plan I
presented.

At the moment any sovereign government and sizeable criminal outfit can
cook up valid certificates for any website in the world. That's because
each CA is trusted completely.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list
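Added example, not part of the thread: a stdlib-only Python toy model of the two trust policies under debate, the current any-one-CA model against the all-four-must-vouch proposal. Signatures are simulated with HMAC keyed per authority so the demo runs offline (an assumption; a real PKI uses public-key signatures), and the authority names, keys and certificate body are constructed.

```python
"""Toy model of the two certificate trust policies discussed above.

HMAC-SHA256 stands in for a signature (assumption for a stdlib-only
demo: the verifier shares each authority's key). All names constructed.
"""
import hashlib
import hmac

# Constructed authority keys; in the proposal these are the four named
# entities, each holding its own private key.
AUTHORITY_KEYS = {
    "US": b"key-us", "CN": b"key-cn", "RU": b"key-ru", "EU": b"key-eu",
}


def vouch(authority: str, cert: bytes) -> bytes:
    """Authority 'signs' the certificate bytes (HMAC stands in for a signature)."""
    return hmac.new(AUTHORITY_KEYS[authority], cert, hashlib.sha256).digest()


def _valid_vouchers(cert: bytes, vouchers: dict) -> set:
    """Return the set of known authorities whose voucher verifies."""
    return {a for a, sig in vouchers.items()
            if a in AUTHORITY_KEYS
            and hmac.compare_digest(sig, vouch(a, cert))}


def valid_any_ca(cert: bytes, vouchers: dict) -> bool:
    """Today's model: each CA is trusted completely, so one valid voucher suffices."""
    return bool(_valid_vouchers(cert, vouchers))


def valid_all_of(cert: bytes, vouchers: dict) -> bool:
    """The proposal: valid only when every authority has vouched."""
    return _valid_vouchers(cert, vouchers) == set(AUTHORITY_KEYS)


def demo() -> dict:
    cert = b"CN=example.invalid; key=..."  # constructed certificate body
    honest = {a: vouch(a, cert) for a in AUTHORITY_KEYS}
    rogue = {"RU": vouch("RU", cert)}     # one authority acting alone
    refused = {a: s for a, s in honest.items() if a != "CN"}  # one refuses
    return {
        "any_ca/rogue": valid_any_ca(cert, rogue),      # True: forgery works
        "all_of/rogue": valid_all_of(cert, rogue),      # False: forgery fails
        "all_of/honest": valid_all_of(cert, honest),    # True
        "all_of/refused": valid_all_of(cert, refused),  # False: denial only
    }
```

Under the all-of policy a single authority can refuse a certificate but cannot mint one, which is the distinction the reply draws between "veto" and "refuse".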
