Comment by tptacek

11 years ago

There are no such attackers.

Do you think that with public key pinning self-signed certs begin to make sense? Also, do you feel that CAs and the PKI system do provide appropriate authentication (this being a cost-benefit rather than a 100%-correctness analysis)?

  • Yes! Key continuity is a legitimate identity scheme; the only trick is to implement it scalably, so it actually happens, rather than being a fig leaf (an unworkable variant of key continuity already exists in browsers today).

    I think the CA system by itself is inadequate, but unlike unauthenticated TLS, actually does provide some security.

You're saying that everyone able and willing to passively snoop, is also able and willing to compromise the channel and mimic the server?

  • Correct.

    • Then I don't see how that would be true. Mimicking a server requires significantly more effort than simply storing the traffic. So even if someone were able, it doesn't follow that they would want to go through that effort in every case.