Confirm, administrator
5,526
edits
Changes
→Suggestions about what to do about Government CAs
*** Cannot protect anyone from governments using their power on their citizens, whether it is a government-owned CA or not.
* annotate certain CAs as doing business in a set of language-based localesThe least we can do is say something like, and offer an interstitial warning the first time a user visits a site certified by an authority outside of their normal linguistic area. If the user decidesyes, yes[Chinese/Dutch] Government, I want to we will accept certificates issued your root, but it should only work by default for users browsing in the [Chinese/Dutch/Spanish/whatever market, then that warning is never shown again for that ] language group.** The place where this breaks down, of course, is that (nearly) all CAs others will want have to participate in the click-through once to trust it.com / "global English" spaceThis isn't about building one-to-one mappings of websites to national jurisdictions. You might convince This is about putting a few CAs that it is least-privilege scope on claims of trustworthiness rooted in their own best interest to restrict themselves to their actual markets to reduce their value as targets of attack (this wouldsovereignty rather than an independently verified audit. It've served DigiNotar well) but I wonder how many businesses would volunteer to be part s about protecting the trans-national nature of such a restriction, Internet trust against the abuse and or how root store programs would adjudicate imposing and managing such restrictionsincompetence of sovereigns.
== What Inclusion of a CA in Mozilla's Program Means ==
