Ah Python, you have spoiled me for all other languages

[Steven D'Aprano]

On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:

> Johannes Bauer <dfnsonfsduifb at gmx.de>:
> 
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up obvious attack surface?
> 
> Here's an idea: an authentication is considered valid if it is vouched
> for by the United States, China, Russia *and* the European Union. Those
> governments are the only entities that would have the right to delegate
> their respective certification powers to private entities.

An interesting mix of:

- one explicitly non-democratic one-party state;

- one nominally democratic but de facto autocratic state;

- one nominally democratic but de facto two-party corporatocracy;

- one supranational union of states;


If you gave them veto power over all certificate authorities (since you need
all four to agree, any of them can veto a CA), I'm not sure that they would
necessarily agree on *any* CAs. Especially since at least two of them would
be looking for any opportunity to subvert the system for the purposes of
espionage and mass surveillance.

I also don't see any reason why national governments would give up their
existing certification powers.


> The governments would also offer to certify anybody in the world free of
> charge.

Why would they do that?



-- 
Steven