On Wed, Mar 06, 2019 at 08:56:47PM -0800, astronut--- via dev-security-policy wrote: > Setting aside the discussion about DarkMatter specifically, here are some > ways in which having a CA in a new jurisdiction that isn't currently > represented in the ecosystem can bring value: > > * Allow users to transact business in their normal currency > > * Allow users to transact business without international currency usage > fees > > * A "domestic" CA is far more likely to be able to do business in the > local language compared to CAs that don't have any presence in a country > where that language is spoken. > > * Many, if not all, subscription agreements have a choice of venue clause > in them. A "local" CA allows subscribers to ensure the contract is > subject to their local laws rather than those of a foreign country > > * There are many other factors easier to transact business domestically > than internationally, even with things as benign as contacting the CA by > phone or mail.
Whilst those are all good points, I don't see how any of them require the CA to control an unconstrained intermediate CA certificate (or a root certificate). All of those things can be done as a reseller or third-party-managed CA. - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
