On 05/05/2011 08:45, Jim Reid wrote:
On 4 May 2011, at 17:24, Brian Nisbet wrote:
You seem to be imagining a scenario where a national governement would just ring up the NCC and say, "revoke these certs." I have seen no evidence to suggest this risk is anything close to real.
I suppose this depends on the definition of "real" and "evidence" Brian.
If the NCC gets told to revoke a cert -- eg via a Dutch court order or equivalent -- it will have to do that. It would be sensible to assume that well-funded and/or litigious organisations might well be minded to pursue that avenue if they think getting a cert revoked will either disrupt or shut down some activities they dislike. Or bury their opponents in legal costs before it gets to the point where a court order gets issued. Certificates for routing will provide another vector for these sorts of layer-9 and up attacks. IMO it's foolish to assume or pretend otherwise.
My point was not that the cert could not be revoked (although Sander's follow-up post would suggest that might be the case), rather that it would be a long and difficult process. Certainly far, far more difficult than a government picking up the phone and saying "We are in a state of national emergency/rebellion/worried our citizens are learning things, shut down the Internet now." Brian.