Re: [TLS] WG Adoption for TLS Trust Expressions

Mon, 29 Apr 2024 18:06:07 -0700

Thanks <https://last-chance-for-eidas.org/>, I <https://security.googleblog.com/2023/11/qualified-certificates-with-qualified.html> am <https://www.google.com/search?q=site%3Aapple.com+eidas+-podcast+-music+-store&sca_esv=30517ea669904188&ei=QEMwZvmdAc2lhbIPpY6Q4AY&ved=0ahUKEwj5vZ7x3uiFAxXNUkEAHSUHBGwQ4dUDCBA&uact=5&oq=site%3Aapple.com+eidas+-podcast+-music+-store&gs_lp=Egxnd3Mtd2l6LXNlcnAiK3NpdGU6YXBwbGUuY29tIGVpZGFzIC1wb2RjYXN0IC1tdXNpYyAtc3RvcmVI2RBQmAVY7A9wAXgAkAEAmAHCAaABlQSqAQM1LjG4AQPIAQD4AQGYAgCgAgCYAwCIBgGSBwCgB44C&sclient=gws-wiz-serp> aware <https://www.google.com/search?q=site%3Ablogs.microsoft.com+eidas&sca_esv=30517ea669904188&tbs=cdr%3A1%2Ccd_min%3A1%2F1%2F2021&ei=okMwZoivKbCMhbIP1vOquAg&ved=0ahUKEwiIiKSg3-iFAxUwRkEAHda5CocQ4dUDCBA&uact=5&oq=site%3Ablogs.microsoft.com+eidas&gs_lp=Egxnd3Mtd2l6LXNlcnAiHnNpdGU6YmxvZ3MubWljcm9zb2Z0LmNvbSBlaWRhc0ihE1DECljZEXABeACQAQCYAYMBoAHhA6oBAzUuMbgBA8gBAPgBAZgCAKACAJgDAIgGAZIHAKAHjgI&sclient=gws-wiz-serp>. 

On 30/04/2024 01:39, S Moonesamy wrote:

Hi Dennis,
At 04:20 PM 29-04-2024, Dennis Jackson wrote:
Thankfully these efforts have largely failed because these national CAs have no legitimate adoption or use cases. Very few website operators would voluntarily use certificates from a national root CA when it means shutting out the rest of the world (who obviously do not trust that root CA) and even getting adoption within the country is very difficult since adopting sites are broken for residents without the national root cert. 


There are ways to promote adoption of a government-mandated CA. The 
stumbling point is usually browser vendors, e.g. 
https://blog.mozilla.org/netpolicy/files/2021/05/Mozillas-Response-to-the-Mauritian-ICT-Authoritys-Consultation.pdf


I see that you already mentioned BCP 188.

Regards,
S. Moonesamy
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls






















					Reply via email to