As far as certificate authorities (CAs) built into the browser: One way around this might be that the browsers ship with the CA as required by law, but that one can disable/delete the CA via the UI. I would guess that a law would be passed that says that the browser can't disable/delete certain CAs (perhaps this one also says that). There can be a list of various government CAs that one might want to disable. This does not help if governments can pressure CAs to issue an alternate CA for use in MITM. Does any of the CA transparency help? What about a way to have people endorse a certificate (i.e. reputation)?