On 30/04/2024 01:39, S Moonesamy wrote:
Hi Dennis, At 04:20 PM 29-04-2024, Dennis Jackson wrote:Thankfully these efforts have largely failed because these national CAs have no legitimate adoption or use cases. Very few website operators would voluntarily use certificates from a national root CA when it means shutting out the rest of the world (who obviously do not trust that root CA) and even getting adoption within the country is very difficult since adopting sites are broken for residents without the national root cert.There are ways to promote adoption of a government-mandated CA. The stumbling point is usually browser vendors, e.g. https://blog.mozilla.org/netpolicy/files/2021/05/Mozillas-Response-to-the-Mauritian-ICT-Authoritys-Consultation.pdfI see that you already mentioned BCP 188. Regards, S. Moonesamy _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls