[At-Large] R: IGO names: is this worth war?

John R. Levine johnl at iecc.com
Sat Nov 5 10:38:52 UTC 2016


> With what I propose the IGO's can easily set up their own highly exclusive CA 
> and make it clear that if the cert chain does not originate there then the 
> name is bogus.  Easy to do.   And it requires no expansion of ICANN's role.

And the locks from the wonderful CA will look just like the ones from 
Let's Encrypt, so it won't help users at all.  Or if they send spam, I 
suppose they could sign stuff with S/MIME, but users don't understand what 
an S/MIME icon in a mail program means, and none of the popular webmail 
systems don't handle S/MIME at all.

If you're imagining that browser makers would change their browsers to 
display the lock from the wonderful CA in a particularly wonderful way, 
good luck with that.

R's,
John


More information about the At-Large mailing list