Chris Angelico <ros...@gmail.com>: > On Sun, May 24, 2015 at 2:53 AM, Marko Rauhamaa <ma...@pacujo.net> wrote: >> Steven D'Aprano <st...@pearwood.info>: >>> If you gave them veto power over all certificate authorities (since >>> you need all four to agree, any of them can veto a CA), >> >> No, they wouldn't be able to veto a CA. At worst, they would be able >> to refuse you a certificate. If they did that, they would risk being >> dropped from the power pool. > > You start out by saying it's valid if vouched for by X, Y, Z., *and* > A. That means that if it's vouched for by X, Y, and A, but not Z, then > it's not valid. That gives Z the power to veto any certificate. > Correspondingly each of the others.
CA = certificate authority != certificate Marko -- https://mail.python.org/mailman/listinfo/python-list
