On Wed, May 04, 2011 at 05:24:12PM +0100, Brian Nisbet wrote:
I really don't think it does. You seem to be imagining a scenario where a national governement would just ring up the NCC and say, "revoke these certs." I have seen no evidence to suggest this risk is anything close to real.
This has already happened, not a week ago the DHS (who else?) seized the domains of various online poker sites. TTBOMK similar has happened in the EU as well. I even seem to remember some organisation calling for RIPE to de-register certain resources. (Possibly the NCC care to enlighten us as to whether anything came of that?)
I suspect that a for profit global megacorp running such a certification system would be far more vulnerable to such measures, but even then, I don't see this as a large risk.
Absolutely. Wikileaks <> Visa, Mastercard, Paypal, Verisign, &c? I think that is a *very* large risk indeed and I'd never propose to host the central authority for my routing to $private_corp either. Unless there are a lot of them, preferably in a lot of different countries... rgds, Sascha