[Cryptography] hard to trust all those root CAs
Lodewijk andré de la porte
l at odewijk.nl
Sun Jul 20 07:04:37 EDT 2014
2014-07-20 0:07 GMT+02:00 Jerry Leichter <leichter at lrw.com>:
> The reason there are so many trusted CA's is that we can't have some
> random browser maker deciding that a Chinese CA isn't trustworthy - that
> violates Chinese sovereignty. (That a Chinese dissident might have very
> strong feelings on this matter is just too bad.)
>
That it's something China does not like, and doing something China does not
like can be unwise, I can understand. But China's sovereignty is only
affected when Chinese decide to use the violating browser. Which China can
prevent, which makes it sovereign.
There's some validity to the argument that you can't just not give China
any root CA's. But there's no validity to the idea that it violates China's
anything. If it makes me (Dutch) more secure, it should be so for me. Maybe
we should introduce a separation of country and code? :P
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140720/26fd468d/attachment.html>
More information about the cryptography
mailing list