On 11/5/16 3:38 AM, John R. Levine wrote:
With what I propose the IGO's can easily set up their own highly exclusive CA and make it clear that if the cert chain does not originate there then the name is bogus. Easy to do. And it requires no expansion of ICANN's role.
And the locks from the wonderful CA will look just like the ones from Let's Encrypt, so it won't help users at all. So the answer that you propose is an ever-growing regulatory body that, like a coal mining machine, slowly consumes the landscape of language, leaving in its wake an internet ever more heavily regulated and taxed?
The proposal I have made requires none of that. Rather, it might require that IGO's collectively go to the browser makers (all three or four of 'em) and ask (or pay) 'em to add a bit of new code, or they go the easier route and publish a plugin, like the popular Calomel plugin. By-the-way, I am surprised that no one has bothered to mention an even easier approach - which is to require that IGO's who want protection do so by putting their names under a special TLD for international governmental bodies. Perhaps ICANN can give the ITU the .itu TLD and let them manage it to satisfy demands by international bodies. Again, a solution that requires no new structure or power in ICANN. As I began my original comment - many among us have tunnel vision that sees gluing yet another regulatory lump onto ICANN as the solution to every problem. --karl--