On Thu, Mar 7, 2019 at 4:20 AM James Burton via dev-security-policy <[email protected]> wrote:

> There isn't any monopoly that prevents citizens and organizations in the
> United Arab Emirates from getting certificates from CAs and they are not
> expensive. Let's Encrypt provides free domain validated certificates to
> everyone around the world. Next.

This is not entirely accurate and the manner in which it is inaccurate may be material to this discussion.

Let's Encrypt does not quite provide certificates to everyone around the world. They do prevent issuance to and revoke prior certificates for those on the United States' various SDN (specially designated nationals) lists. For example, units of the Iraqi government or those acting at their behest may not receive Let's Encrypt certificates.

Obviously that is not an issue for the UAE or its people. At least not today. But it always could be that it will be an issue someday.

What the people of the UAE don't have today is the ability to acquire globally trusted certificates from a business in their own legal jurisdiction who would be able to provide them with certificates even in the face of exterior political force.

