Who decides who gets to be a CA for SSL certs? Similar process. Somehow my browser doesn't recognize a CA that would allow any random person to pretend to be Facebook.
Google controls the entire browser, meaning they are in absolute control, ultimately. They could inject code into your banking web sites, they could block all the porn, whatever they want.
The idea isn't that the certificates would wrest control away from Google, it's that they wouldn't be able to use "omg the malwares" as a shield for their intentions. If there's a root CA that's handing out certs for malware extensions then sure, pull the plug, but if the root CA is handing out certs for ad blockers and Google pulls the plug then it'll be plain as day what they're doing.
Heck, all the browsers nowadays use extensions of some sort, maybe they could form a consortium for extension certifications so no one company would be in complete control. You could bet Mozilla would keep that sort of behavior in check, at least.
haberman|12 years ago
Which means Google is still in charge, ultimately.
Which means that this digital signature scheme hasn't actually accomplished anything.
Zikes|12 years ago
The idea isn't that the certificates would wrest control away from Google, it's that they wouldn't be able to use "omg the malwares" as a shield for their intentions. If there's a root CA that's handing out certs for malware extensions then sure, pull the plug, but if the root CA is handing out certs for ad blockers and Google pulls the plug then it'll be plain as day what they're doing.
Heck, all the browsers nowadays use extensions of some sort, maybe they could form a consortium for extension certifications so no one company would be in complete control. You could bet Mozilla would keep that sort of behavior in check, at least.