Ah Python, you have spoiled me for all other languages

Chris Angelico rosuav at gmail.com
Sat May 23 13:41:48 EDT 2015


On Sun, May 24, 2015 at 2:53 AM, Marko Rauhamaa <marko at pacujo.net> wrote:
> Steven D'Aprano <steve at pearwood.info>:
>
>> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>>> Here's an idea: an authentication is considered valid if it is
>>> vouched for by the United States, China, Russia *and* the European
>>> Union. Those governments are the only entities that would have the
>>> right to delegate their respective certification powers to private
>>> entities.
>>
>> If you gave them veto power over all certificate authorities (since
>> you need all four to agree, any of them can veto a CA),
>
> No, they wouldn't be able to veto a CA. At worst, they would be able to
> refuse you a certificate. If they did that, they would risk being
> dropped from the power pool.

You start out by saying it's valid if vouched for by X, Y, Z, *and*
A. That means that if it's vouched for by X, Y, and A, but not Z, then
it's not valid. That gives Z the power to veto any certificate.
Correspondingly each of the others.

Alternatively, you could say that it's valid if vouched for by *any*
of your authorities... but then you have the same situation as
currently, where multiple authorities can create identical
certificates.

You could try for some kind of voting scheme, where it takes X/2+1
authorities to create a certificate (so you'd need three of your four,
or if you added a fifth (say Japan), then three out of the five); but
this just entails ridiculous overheads for uncertain benefit.

Also, there's one huge question outstanding: Since when should country
governments and the EU be in charge of any of this?

ChrisA
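
The three policies compared in the message above (all-of, any-of, and an X/2+1 majority), worked through as an added example that is not part of the original post. Modelling a policy as a predicate over the set of vouching authorities, and all function names, are assumptions made for illustration.

```python
from itertools import combinations

# Constructed authority pools, using the names that appear in the thread.
FOUR = frozenset({"US", "China", "Russia", "EU"})
FIVE = FOUR | {"Japan"}

def all_of(pool):
    # Valid only if every authority vouches ("X, Y, Z, *and* A").
    return lambda vouchers: pool <= vouchers

def any_of(pool):
    # Valid if at least one authority vouches (the existing CA situation).
    return lambda vouchers: bool(pool & vouchers)

def majority(pool):
    need = len(pool) // 2 + 1  # the "X/2+1" voting scheme
    return lambda vouchers: len(pool & vouchers) >= need

def veto_holders(pool, policy):
    """Authorities whose lone refusal invalidates a certificate that
    every other authority vouches for."""
    return {a for a in pool if not policy(pool - {a})}

def min_issuers(pool, policy):
    """Smallest number of cooperating authorities that can create a
    valid certificate (1 means any single authority can mis-issue)."""
    for k in range(1, len(pool) + 1):
        if any(policy(frozenset(c)) for c in combinations(pool, k)):
            return k

def min_blockers(pool, policy):
    """Smallest number of refusing authorities that can deny a certificate."""
    for k in range(1, len(pool) + 1):
        if any(not policy(pool - frozenset(c)) for c in combinations(pool, k)):
            return k

def analyse(pool, make_policy):
    policy = make_policy(pool)
    return {"veto": veto_holders(pool, policy),
            "issue": min_issuers(pool, policy),
            "block": min_blockers(pool, policy)}

if __name__ == "__main__":
    cases = [("all-of/4", FOUR, all_of), ("any-of/4", FOUR, any_of),
             ("majority/4", FOUR, majority), ("majority/5", FIVE, majority)]
    for name, pool, make_policy in cases:
        print(name, analyse(pool, make_policy))
```
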


