dennisjackson / trust-negotiation-comments


Divergence and Fragmentation draws incorrect conclusions about the ratcheting effect #10

Open dadrian opened 4 months ago

dadrian commented 4 months ago

Right now, when a root program adds a new (stricter) requirement (e.g. CT enforcement), it must weigh an availability tradeoff of servers and their capacity to comply with the new requirement, as well as the capacity for CAs with certificates included in the trust store to comply with the requirement. This is dependent on a variety of factors, including intended use cases of the clients using the root store, as well as the estimated level of effort that server operators are willing to expend to continue supporting these clients.

Right now, if a root program determines that it can and should add a stricter requirement, then other root programs may currently choose to add that requirement as well.

In a world with Trust Anchor Negotiation, root programs continue to choose what requirements they enforce, and could continue to choose to follow along with any stricter requirements that a “first mover” root program chooses to add.

In both cases, a “first mover” root program taking a step to increase security requirements contributes to allowing requirements to spread to other root programs.

dennisjackson commented 4 months ago

It sounds like you're trying to describe a use case for Trust Expressions / Trust Anchors (which would go in the other document), but it's unclear how you think those drafts would help with the factors you're describing. All the same concerns you're listing in this comment would seem to apply.

Happy to add a use case if you think there's one missing.