Comment by tatterdemalion
11 years ago
Thanks for doing this. It's really great and it's something that clearly needs to happen.
The next step will be to replace the CA system with something actually secure, but that comes after we move the web to a place where most websites are at least trying.
We'll be in a position to deploy defenses like pinning (http://www.ietf.org/id/draft-ietf-websec-key-pinning-21.txt) for site operators who want more protection against the structural problems of the CA system. That will need to be implemented with care, but it should be possible.