Comment by tatterdemalion

11 years ago

This seems like a really great step toward an HTTPS web. It will be an immediately deployable solution that can hopefully make TLS encryption normal and expected.

However, it doesn't do anything about the very serious problems with the CA system, which is fundamentally unsound because it requires trust and end users do not meaningfully have the authority to revoke that trust. And there's a bigger problem: if EFF's CA becomes the standard CA, there is now another single point of failure for a huge portion of the web. While I personally have a strong faith in the EFF, in the long term I shouldn't have to.

Agreed. For all the hoopla, this is basically just like any other CA (but free). Until we have a truly distributed (namecoin-esque) and accepted CA structure, signed certificates may as well be pipes directly to the NSA.

That said, not having to pay some jerk for sending me an email and having me enter a code is really nice. The current CA system is a pitiful excuse for identity verification, and not having to pay for it will be nice.