> This, in my opinion, can make all US encryption, even US-based
   > certificate authorities really untrustworthy. What is to stop them
   from
   > getting GoDaddy to give up their root certificates with a NSL and a
   > small legal justification?
   We need to catch a CA which does this, for example using Certificate
   Transparency.
   Then handing over the CA private key is equivalent to committing
   company suicide.
   This means that
   1. CAs will fight with all they've got
   2. If corruption is successful, eliminates US CAs one by one until
   there are none left to compel.
   > some have suggested a rule #5: don't distribute updates automatically
   > to your users and don't implement security critical functions in code
   > that is delivered to the client via the server.
   I don't think disabling auto-update is a good idea. What we need is
   secure auto update.
   This involves:
   1) requiring multiple signatures on the update by people in different
   jurisdictions
   2) Reproducible builds
   3) A Certificate Transparency like log of all updates.
   I believe TOR is doing some work on points 1) and 2).