Their intent may be just fine. For instance, you want want to have an internal CA installed so that you can deploy SSL-enabled services without having to buy certificates from a commercial CA.
Of course it allows SSL traffic interception, which is likely to be illegal, but nothing proves it was done, or even planned. The the real problem here is that the CA framework allows any CA to sign any certificate.
There's some kind of fear that [Tutankhamun] may have been a Jewish ancestor. Which would somehow make Egypt part of Israel.
With that kind of rationale, China would be somehow part of Mongolia
So you'd switch from a newer technology to an older one?
It is common to replace code quickly written in recent language, by something faster written in ancient C.
How much study do YOU suppose is put into proving/disproving the efficacy of any substance which cannot be patented? Take all the time you need to think that over. And then tell us who will pay for those studies and why.
France have public research centers (in Univerisites, but also CNRS and INSERN), therefore the knowledgeable people are available to do it.
Next you need the funding. Considering that expensive patented drugs are reimbursed to the patient by socialized healthcare, you can play a zero-sum game: tax payers money can be invested into developing patent-free drugs that will be less expensive, and will cost less to healthcare. And here tax payers get their return on investment.
We need to replace both SSL/TLS AND the broken CA cert model
Here is a proposal: DNSSEC ensures DNS record integrity, so use it to publish domain-specific CA. If you need to connect to www.example.com, get example.com's CA from the DNS, and use it to validate www.example.com certificate.
multi-billion dollar international project led by the French. What could go wrong?
French managed many big industrial projects on their own. To name a few: Ariane, Concorde, nuclear reactors and nukes...