The power play in the CA world has already happened, with the major browser and ...

ocdtrekkie · on Sept 17, 2018

An EFF member has tried to convince me that Google is subject to the whims of the CAB, but failed to explain to me how. Google's Root CA policy doesn't mention the CAB, and specifically provides Google's own authority to remove CAs as it sees fit.

Whether or not Mozilla, Microsoft, or Apple follow suit, if Google were to chose to distrust a CA, such as they did with Symantec, due to Chrome's 60%+ market share, that CA is out of business, regardless of what any other browser vendor says on the matter. Whether or not the other vendors choose to follow suit doesn't change the fact that the CAB has no legal authority over Google, and Google is a significant majority of the browser market.

ubernostrum · on Sept 17, 2018

You just shifted the goalpost.

Google's going to maintain a root store either way. The parent I replied to was worried that Google becoming a CA would be a power play to eliminate all other CAs and then Google would get out of the business. Apple, Microsoft and Mozilla have the power to drop Google's CA from their root stores and make Google-issued certs worthless on a huge number of devices worldwide, which is how they act as a balance against unilateral moves by Google-the-CA.

ocdtrekkie · on Sept 17, 2018

Would Mozilla be able to risk being the browser that can't access Google services? I am not sure that's a realistic scenario for any of the major browser vendors. But arguably if Google's Root CA were never to gain multi-browser support in the first place, they'd never be able to launch their service to begin with.

I don't think Google would "embrace, extend, extinguish" the CA market though as the parent suggested, the CA system gives Google a massive amount of control of the Internet at large, and I can't fathom them giving it up.