Statements about the certificate_authorities extensions are inaccurate and inconsistent with previous arguments #14

Open
dadrian opened this issue Jul 20, 2024 · 0 comments

Comments

@dadrian
Copy link

dadrian commented Jul 20, 2024

In "Fingerprinting and Client Privacy", there are two statements comparing the risk of certificate_authorities to Trust Expressions, both of which are inaccurate or political speculation:

1. Scalability:

   > not viable for establishing a domestic root program because it does not scale

   A domestic root program can be a single or small number of CAs, so scaling is not a requirement.

2. Mandates:

   > certificate_authorities has only been implemented for client certificates…no government can force a change to how TLS libraries handle certificate_authorities

   If the government cannot mandate changes to clients, then root programs will continue to have sovereignty over their root stores and all of this discussion is irrelevant.

These statements are also inconsistent with earlier arguments about mandates. If a government cannot mandate changes to clients, why does trust anchor negotiation somehow make it more likely that a government can mandate a change to clients? If server adoption via a negotiation mechanism is a key concern to the feasibility of mandating trust store contents, how come existing (albeit inefficient) negotiation mechanisms cannot be leveraged to enact the same mandate?

Overall, this section is full of technical inaccuracies and baseless political speculation. Continuing to have this flavor of discussion discourages productive participation by a broad set of IETF contributors.
