Open gerv opened 7 years ago
Based on the unethical (and often unlawful) behavior we have seen over the last years by many governmental organizations around the globe, I wonder if we should ban internal governmental auditors in total and require all governmental CAs to be audited by an auditor from a private organization - ideally even from a different legal framework (e.g. only a US-based auditor may audit a governmental CA in Europe and vice versa).
If a government CA does not use a 3rd-party auditor (i.e. it's audited by another bit of the government), then the domains that they can issue for should be constrained.