by repelsteeltje
962 days ago
> Not saying this is right or wrong, but maybe this helps understand why many people in the EU may not be so against this type of legislation.

I'm with you. I think most of the fuss is about forcefully involving government into the CA infrastructure and the fact that this affects the rest of the world.

As to the latter, I've always found it weird that by default all root stores contain hundreds of CAs from all over the world. By default, anyone is assumed to trust large companies (Google, Amazon) equally as nation states (Staat der Nederlanden) and shady entities (Hongkong Post office). So it's not surprising to have everyone up in arms if the EU adds yet another chair to this table.

Wouldn't it make much more sense if users took more control and responsibility of the certs in their root store? Wouldn't it make more sense to restrict CAs to certain domains? I would be okay with an EU-sanctioned CA if it could only assert authenticity of EU services, but not shops or whitehouse.gov.

I've always felt that it would make much more sense if CAs were much more restricted to specific "trust use cases".