It’s much easier said than done. Anyone can start a new Certificate Authority but for it to be useful internationally it (its public key) needs to be built-in to (trusted by) all of the popular web browsers, the largest of which are all controlled by US companies.
How about we build a service that ignores the US sanctions and instead honours the United Nations sanctions?
It’s much easier said than done. Anyone can start a new Certificate Authority but for it to be useful internationally it (its public key) needs to be built-in to (trusted by) all of the popular web browsers, the largest of which are all controlled by US companies.
While that’s absolutely a consideration, it’s hardly an insurmountable issue.
Would that change the list of sanctioned countries meaningfully?
Yes. It would be by global consensus rather than at the whim of an individual.
Here’s the latest list I could find, and they’re clearly not the same.
https://www.sanctionscanner.com/blog/list-of-sanctioned-countries-by-ofac-un-and-eu-2025-1103