Comment by technion
5 hours ago
If you go down this path you argue desktop browsing HTTPS is broken, which I don't think is a serious argument.
5 hours ago
If you go down this path you argue desktop browsing HTTPS is broken, which I don't think is a serious argument.
Well yes, CAs and the ICANN model of DNS are intertwined and fundamentally broken in multiple ways. However the system as a whole is largely "good enough" as can be seen from its broad success under highly adversarial conditions in the real world.
No one is trying to go that far down the path.
HTTPS (specifically the CA chain of trust) is imperfect, and can be compromised by well-placed parties.