On Mon, May 25, 2015 at 1:26 AM, Marko Rauhamaa <ma...@pacujo.net> wrote: > Steven D'Aprano <st...@pearwood.info>: > >> On Sun, 24 May 2015 02:53 am, Marko Rauhamaa wrote: >> "an authentication is considered valid if it is vouched for by the United >> States, China, Russia *and* the European Union." >> >> [Emphasis in the original.] >> >> So if (let's say) the US, China and Russia all agree that a Certs-R-Us are a >> legitimate CA, > > I never proposed those countries should agree on a legitimate CA. Each > country would have their distinct, respective sets of CAs. A website > would be considered legitimate only if it possessed certificates from > all of the four domains.
You've added extra levels of indirection, but it comes to the same thing. You're requiring that everyone who wants to conduct business on the internet (taking credit card numbers etc) has to go through four separate authentication processes, and a failure in any one of them means the site is not considered legit. > For the scheme to work, the countries would agree never to refuse to > certify a legitimate entity. Right. And "legitimate" is defined as "not refused by any of the four countries". All they have to do is decide that something's not legitimate, and bam, they're off air. ANY ONE of your four has this power of veto. ChrisA -- https://mail.python.org/mailman/listinfo/python-list