> * If we have to rely, cost of certificates must be zero. These for the simple > reason than not everyone is living in a rich industrialized country.
Certificates (and paying for them) is an artificial economy. If I register a DNS address, I should get a certificate to go with it. Heck, last time I got an SSL certificate, they effectively bootstrapped the trust based on my DNS MX record... Hence IMO TLS should be: - DANE for everyone - DANE & Trusted Third Party CAs for the few - DANE & TTP & EV for sites that accept financial and medical details The Firefox opportunistic encryption feature is a good first step towards this goal. If they could just nslookup the TLSA certificate hash, we'd be a long way down the road. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform