On 05/23/2015 06:44 AM, Marko Rauhamaa wrote: > Johannes Bauer <dfnsonfsdu...@gmx.de>: > >> I dislike CAs as much as the next guy. But the problem of distributing >> trust is just not easy to solve, a TTP is a way out. Do you have an >> alternative that does not at the same time to providing a solution >> also opens up obvious attack surface? > > Here's an idea: an authentication is considered valid if it is vouched > for by the United States, China, Russia *and* the European Union. Those > governments are the only entities that would have the right to delegate > their respective certification powers to private entities. The > governments would also offer to certify anybody in the world free of > charge.
Why trust governments? Why not use peer-to-peer trust. If I trust you and you trust site X with a fingerprint of Y, then I should trust it also. Sadly though getting the unwashed masses educated enough to make this work is impossible (like how PGP is pretty much dead). Maybe it's a harder problem than anyone can solve. -- https://mail.python.org/mailman/listinfo/python-list