What authorization is required in this scenario? I'm talking about a novel idea here, one that doesn't fit into the existing CA model. There would be no CA in this scenario; verification would be decentralized, based on shared information, not on knowledge of a secret.
I'm not sure web-of-trust can be considered a novel idea in 2014.
We can all look at the variety of web-of-trust methods to see how well that's taken off amongst internet users.
It is novel, in terms of there being any such service in existence, ever.
So, blockchain solutions do work, and here is how:
https://github.com/okTurtles/dnschain
You can replace all CAs with a single blockchain.
And we should do this, because this Let's Encrypt CA, while a great step forward, is still vulnerable to man-in-the-middle attacks, explained in this video:
https://vimeo.com/100433057