On Sat, Jul 16, 2022 at 4:06 AM Watson Ladd <[email protected]> wrote:
> > There's also the multistakeholder governance model to consider. > Creating national legislation to require the Internet work a certain > way breaks that governance model, and makes it much, much harder to > stand up to the next Kazakhstan. Multistakeholder governance and the > lack of Internet police has had its issues, but it has meant that > continued innovation is possible even if it causes a great deal of > losses to a good many entrenched interests. The same cannot be said > for EU lobbying. > What the browser providers have done here is to strip away every part of the security signal so that users have no way to know which site they are on. You might think you have really good reasons for doing that, you might think that the bureaucrats behind this proposal are utterly ignorant of the technical issues, you might think a lot of things. But the fact remains that when a user clicks on a link in an email, there is absolutely no reliable way for them to know what site they are connected to. You might think that isn't your problem, on that point you are wrong. The EU really does not care about your concern about what Kazakhstan might or might not order you to do. What they care about is the security of the Internet experience for EU citizens. And that experience is currently defective. I proposed EV as a means of fixing that issue. Contrary to claims made, it had nothing to do with boosting profits. When I called the meeting that led to EV, I had been told not to pursue it by the VP of PKI. Fortunately he left for another company and there was a four month gap where Tim Callan and myself pushed EV through at VeriSign while Melhi pushed it as an industry thing. If you don't want the EU to tell you what you are going to do, you are going to need to provide a different solution to the security gap in the current Internet experience. If you don't like my solution, propose a different one. The fact you don't like the EV solution is not a problem for the bureaucrats. Their skill as regulators is in persuading industries to adopt practices that lead to their desired outcomes. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMm%2BLwg-G8n-UPpbOy0d9hmqVMF%2BQ0twaqMX4uQjo0Mu07-61w%40mail.gmail.com.
