On 2022-03-13, at 01:33, Sean Donelan <sean@donelan.com> wrote:
> It's not a question of whether you trust one CA (e.g. the Russian Ministry of Digital Development CA), but whether everyone trusts all 100+ CAs in universal trust stores to sign everything/anything.
Right. Authorization is not a binary thing. You don’t divide your world into the two classes “authorized” and “unauthorized”; you authorize for specific permissions. Your house cleaners may get access to your home, but not to your bank account. (I hear whispering: “Authorization? I thought we were talking about authentication.” Yes. But we authenticate to authorize, and while we are doing this, we authorize (“trust”) to authenticate. We need to qualify this “trust” with what the resulting authorization can do.)
> Again, I understand why companies and open source projects don't want to maintain different trust lists for different jurisdictions around the world. Like other localization requirements (currency, date & time formats, languages) maybe its time has come for localization requirements for TLS/SSL trust lists?
Oh. Your message started insightful. Now you are back to binary authorization, just with a jurisdiction parameter going in.

Grüße, Carsten