Hi Dennis,
At 04:20 PM 29-04-2024, Dennis Jackson wrote:
Thankfully these efforts have largely failed because these national
CAs have no legitimate adoption or use cases. Very few website
operators would voluntarily use certificates from a national root CA
when it means shutting out the rest of the world (who obviously do
not trust that root CA) and even getting adoption within the country
is very difficult since adopting sites are broken for residents
without the national root cert.
There are ways to promote adoption of a government-mandated CA. The
stumbling point is usually browser vendors, e.g.
https://blog.mozilla.org/netpolicy/files/2021/05/Mozillas-Response-to-the-Mauritian-ICT-Authoritys-Consultation.pdf
I see that you already mentioned BCP 188.
Regards,
S. Moonesamy
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
