Ah Python, you have spoiled me for all other languages
Steven D'Aprano
steve at pearwood.info
Sat May 23 10:00:13 EDT 2015
On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsduifb at gmx.de>:
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up obvious attack surface?
>
> Here's an idea: an authentication is considered valid if it is vouched
> for by the United States, China, Russia *and* the European Union. Those
> governments are the only entities that would have the right to delegate
> their respective certification powers to private entities.
An interesting mix of:
- one explicitly non-democratic one-party state;
- one nominally democratic but de facto autocratic state;
- one nominally democratic but de facto two-party corporatocracy;
- one supranational union of states;
If you gave them veto power over all certificate authorities (since you need
all four to agree, any of them can veto a CA), I'm not sure that they would
necessarily agree on *any* CAs. Especially since at least two of them would
be looking for any opportunity to subvert the system for the purposes of
espionage and mass surveillance.
I also don't see any reason why national governments would give up their
existing certification powers.
> The governments would also offer to certify anybody in the world free of
> charge.
Why would they do that?
--
Steven
More information about the Python-list
mailing list