Arshad Noor wrote:

The ICANN analogy is not appropriate in this context, because

You missed the point I was making, the internet is global, not geographically localised in the case of issuing business names, this is compounded by the fact that .com/net/org is literally a free for all rather then forcing people to register under country code TLDs.

This may be ok *IF* and it's a big if the browsers honoured some of the RFCs with respect to scope of allocations, but this isn't the case at present.

So if all countries fronted up with a root certificate or one for each state which is the case in both the US and Australia, and then started issuing certificates for "*" suddenly the any government can be snooping all your encrypted traffic because they browsers never track certificate fingerprints.

Further more do you trust EVERY SINGLE government out there to take proper safe guards of their private keys?

What happens if a corrupt government sells a private key to scammers and they start issuing certificates for scam sites?

Nice idea in theory, but then again everything works in theory...

--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto

Reply via email to