- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sat, 04 Feb 2017 02:58:33 +0000
- To: W3C Credentials Community Group <public-credentials@w3.org>, "public-webid@w3.org" <public-webid@w3.org>, Web Payments CG <public-webpayments@w3.org>, public-rww <public-rww@w3.org>
- Message-ID: <CAM1Sok38Ce-XSzWRQf_6ebpgLE1nq4sOPiX15Jp-mhLO9fSx0A@mail.gmail.com>
Cross-posted I note that the Root Certificates bundled with Browsers, do not universally have sovereign providers (ie: providers operating their HQ from a local national provider). Whilst i can understand the rapid development of the web and how this may not have been considered previously, as the use of the web continues to develop - isn't it becoming more important? Particularly if solutions become bound to browsers... I've done a quick search and found an example for mozilla[1]; but moreover, Do we know what the barriers (ie: economic costs for bundling with browsers) are for updating this infrastructure via trusted local provider(s)? I recently heard the cost for bundling a new Root-CA provider with all the browsers was a relatively significant barrier. Whilst these sorts of things (ie: sovereignty considerations / rule of law / etc.) have been at the heart of these works, i am finding it difficult not to note the finger[2] depicted nationally in recent affairs and in the spirit of long-standing precedents[3] value the health, safety and welfare that may be born via our efforts. Of course, as an Australian - the affairs of the US administration are quite independent to me; other than the fond relationships i have with those who call America home and indeed also - that my crypto / data frameworks are most often Choice Of Law USA which (as an American legal alien) increasingly concerns me. Whilst i am not advocating for a browser-centric solution to be necessary; browsers are difficult things to manage, complex, and the future of them is kinda unknown; various storage frameworks provide interesting opportunities in-line with W3C standards; and as portions of these sorts of AUTH considerations have been within the domain of long-standing issues, including that of the function for WebID-TLS and the UX frameworks thereby provided; it seemed, this course of consideration (ie: how hard is it to make a browser-company policy to lower the cost for PKI for decentralisation via lowering the costs) may indeed yield some relatively simple ways to both encourage broader involvement, participation and consideration via a relatively simple group of policy considerations. I imagine years ago, as a browser company; the income generated this way was part of how to make the production of a browser a successful endeavors with paid employees (caring for their families, etc.); yet, aren't we a little past that now? We're working on various ID related constituents, etc. Even if a solution was Google AU or MS AU or similar. Still seems better to me. *"This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities."[4]* Timothy Holborn [1] https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport [2] http://www.smh.com.au/world/wrecking-ball-with-steve-bannon-in-charge-of-security-what-does-donald-trump-mean-for-usaustralia-relations-20170202-gu4kgw.html [3] *https://www.youtube.com/watch?v=aiFIu_z4dM8 <https://www.youtube.com/watch?v=aiFIu_z4dM8> * [4] https://en.wikipedia.org/wiki/Certificate_authority
Received on Saturday, 4 February 2017 02:59:21 UTC