ietf
[Top] [All Lists]

Re: Number of CAs

2013-11-17 19:03:30
Phillip Hallam-Baker wrote:

The four most widely used browsers are all produced by US companies.

Open source helps a lot.

Anyway, that does not answer my question of:

Why do you insist on counting the number of Angels when just one
fallen one is a lot more than enough?

If you posit an attack against the US CAs you must also accept that the NSA
could make the same threats against the browser providers which would have
the same effect with far less risk of being caught and far fewer
consequences to being caught.

It does not deny my point that PKI is no better than DH.

If the NSA was to coerce a CA into issuing a false certificate I would
imagine their lawyers would point out to the court that doing so would
threaten the stability of the entire Internet economy and that if
discovered the CA would lose its business.

Could you explain why google, apple, microsoft etc. did not behave so?

The NSA would then be facing the downside of a multi-billion dollar lawsuit
in public court. The very last thing they want to risk is their
unconstitutional search orders being litigated by a plaintiff with standing.

"would then be facing"??? If it's not "is now facing", then, it means
"will never face".

                                                        Masataka Ohta