zlacker

>>KoftaB+(OP)
It’s passive-aggressive as hell and I can tell this guy and the idea as a whole are DOA… like even if this scheme didn’t give off strong Amp vibes, Google is the last company we want spearheading something like this. Stop trying to stay relevant, Google.

>>gymbea+Sb
Google has already achieved this goal with their QUIC based HTTP/3. No implementation or use of HTTP/3 lib in any browser can connect to a webserver unless it gets the continued approval of a third party incorporated CA for TLS certs. With a 90 day renewal period that's basically just attestation of content every 90 days. If your site becomes illegal in an area (say, abortion information) then your CA TLS host can be pressured, cert revoked, and your site made unvisitable for all but uber geeks compiling their own HTTP/3 libs with special flags and linking them to $browser manually. There's no way to host a HTTP HTTP/3 site that's visitable. And no one minds. So...

Google could have avoided all of this blowback over WEI by simply calling it "HTTPS+ Everywhere" and pretending it helped user privacy only.

I'll grant there are a few more TLS CA options than possible WEI attestation options (if they really are to come from the OS vendors like the spec suggests). But not that many more and any legal pressure applicable to one is applicable to all. Both Google WEI and Google QUIC HTTP/3 are terrible and both need opposition or at least mitigation.

>>superk+Hg
> If your site becomes illegal in an area (say, abortion information) then your CA TLS host can be pressured, cert revoked

oh please... scare monger more. Like great, let's attach your petty little gripe to something that people care about in order to maybe get them on your side. except you can't show any real examples of it truly applying, so you just have to hint like "oh, this is possible, just imagine".