Path: csiph.com!usenet.pasdenom.info!news.albasani.net!feeder.erje.net!1.eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed1a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: UNSURE 0.313
X-Spam-Level: ***
X-Spam-Evidence: '*H*': 0.52; '*S*': 0.14; 'subject:Python': 0.05; 'cc:addr:python-list': 0.10; '"an': 0.16; 'domains.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'received:mail-ig0-x22a.google.com': 0.16; 'say)': 0.16; 'wrote:': 0.16; 'proposed': 0.20; 'work,': 0.21; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; 'am,': 0.23; 'decide': 0.23; 'defined': 0.23; '2015': 0.23; 'sets': 0.23; 'header:In-Reply- To:1': 0.24; 'mon,': 0.24; 'respective': 0.27; 'right.': 0.27; 'separate': 0.27; 'message-id:@mail.gmail.com': 0.28; 'subject:other': 0.29; 'subject:all': 0.32; 'ca,': 0.33; "d'aprano": 0.33; 'european': 0.33; 'steven': 0.33; 'everyone': 0.34; 'received:google.com': 0.34; 'conduct': 0.35; 'requiring': 0.35; 'but': 0.36; 'should': 0.37; 'agree': 0.37; 'subject:: ': 0.37; 'means': 0.39; 'your': 0.60; "you've": 0.61; 'card': 0.63; 'business': 0.69; 'internet': 0.69; 'levels': 0.70; 'power': 0.72; 'us,': 0.73; 'country': 0.74; 'subject:have': 0.80; 'air.': 0.84; 'chrisa': 0.84; 'entity.': 0.84; 'legit.': 0.84; 'subject:you': 0.88; 'to:none': 0.90; 'certificates': 0.91; 'processes,': 0.93; 'refuse': 0.93; 'russia': 0.93; 'states,': 0.93; 'china': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=AxNq7L8wLqvX87qlVVlx3fWYQZXRfeGU0MOigEItYY0=; b=on8ZqIOPPfyVYT06ZfQM0zi5AZ6Av15SmVYrOixU6n+it6rYhr3BhnKcLMKWjMRf0C i86xTRyrAPbvKl8XKgiTFc28M3cF7n0SXFtfUhihY33bn578dCdDEAPayFDBIHHMBfQa ++B+cSF35a1xoiD4lr1tuTog5PJ+UWihmYNXgGG2MGJIBAA35uDi/I5F7Uk9rr//hsuN wQeEEB7FWYnk3cGSJd5kVz5AnNC5gp84M7LABUpR9Eca+VCJSNFG1UjQxOcIRdvrZYY1 PBASCNc8CY9HC9S4DmiOPda2UbgcdPJmODVm8Kvb2yXuVWhvMkkd7v+cUrrE2qxgrPvr gGOA==
MIME-Version: 1.0
X-Received: by 10.107.134.153 with SMTP id q25mr22900975ioi.27.1432481737550; Sun, 24 May 2015 08:35:37 -0700 (PDT)
In-Reply-To: <87fv6mj8sr.fsf@elektro.pacujo.net>
References: <555f440a$0$12990$c3e8da3$5496439d@news.astraweb.com> <mailman.222.1432309028.17265.python-list@python.org> <555FA253.3020304@tundraware.com> <mjomke$saf$1@ger.gmane.org> <mailman.252.1432352224.17265.python-list@python.org> <mjp88e$e1$1@news.albasani.net> <87382nmpkd.fsf@elektro.pacujo.net> <556087ee$0$13004$c3e8da3$5496439d@news.astraweb.com> <87siankzfk.fsf@elektro.pacujo.net> <5561a74b$0$12977$c3e8da3$5496439d@news.astraweb.com> <87fv6mj8sr.fsf@elektro.pacujo.net>
Date: Mon, 25 May 2015 01:35:37 +1000
Subject: Re: Ah Python, you have spoiled me for all other languages
From: Chris Angelico <rosuav@gmail.com>
Cc: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-Mailman-Approved-At: Mon, 25 May 2015 08:02:24 +0200
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.30.1432533745.5151.python-list@python.org>
Lines: 32
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1432533745 news.xs4all.nl 2947 [2001:888:2000:d::a6]:42462
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:91193

On Mon, May 25, 2015 at 1:26 AM, Marko Rauhamaa <marko@pacujo.net> wrote:
> Steven D'Aprano <steve@pearwood.info>:
>
>> On Sun, 24 May 2015 02:53 am, Marko Rauhamaa wrote:
>> "an authentication is considered valid if it is vouched for by the United
>> States, China, Russia *and* the European Union."
>>
>> [Emphasis in the original.]
>>
>> So if (let's say) the US, China and Russia all agree that a Certs-R-Us are a
>> legitimate CA,
>
> I never proposed those countries should agree on a legitimate CA. Each
> country would have their distinct, respective sets of CAs. A website
> would be considered legitimate only if it possessed certificates from
> all of the four domains.

You've added extra levels of indirection, but it comes to the same
thing. You're requiring that everyone who wants to conduct business on
the internet (taking credit card numbers etc) has to go through four
separate authentication processes, and a failure in any one of them
means the site is not considered legit.

> For the scheme to work, the countries would agree never to refuse to
> certify a legitimate entity.

Right. And "legitimate" is defined as "not refused by any of the four
countries". All they have to do is decide that something's not
legitimate, and bam, they're off air. ANY ONE of your four has this
power of veto.

ChrisA