I'm sympathetic & way more agree than disagree. But DNS doesn't fill me with joy. It's quite centralized, quite a huge organizational vulnerability.
If we had some alternate addressing schemes in the browser that could do trust, I'd be much happier. Like, can dat protocol be a secure origin? Or like, if the goal really is just to secure users, maybe we need to let opportunistic encryption be something users can opt in as secure (even though it can be mitm'ed at the start).
Let's Encrypt has changed the game. It's great that https has so very very suddenly gone from frustrating & business class only to something even the casuals can easily do. But still, I'd love some less centralized systems for trust to be available, some visible known alternative paths demonstrating that there are diverse options at these lower transport/security layers of the network stack.