Hi,
How can the "risk" of the government being minimized or limited? Or maybe being build in such a way that its not easy/possible for government to do damange? (quite impossible task since the government pretty much can do whatever they want when they are in power... and the power are giving to them by the people in most countries)
My personal opinion is that the best way to stop any abuse in the future is to leave open the possibility of reverting 2008-08 in the future when such abuse becomes a reality. And we already have that possibility already: a proposal to withdraw or change a policy will always be handled according to the PDP (Policy Development Process). If things go really bad we can change the policy, the NCC can shut down the CA and all certificates can be withdrawn. The end result will be the same internet as we have today: one without (valid) certificates for resources. As long as the certificate system doesn't get abused we get to enjoy the benefits... It will take some time (it can be done in about 10 weeks) to do this should the need ever occur, but as this is a last-resort exit strategy I think this is acceptable. Is this an acceptable solution for everybody?
... and yes, the problem are there on the hijack side, don't think many disagree on that..
And I would really like to get a solution for this problem, because I am much more afraid of IPv4 address space hijacks once the NCC IPv4 pool runs out... Thanks, Sander Explicitly not speaking as WG chair!