> Domain names should be a thin wrapper around private/public keypairs.
This way anyone who gets access to the keys, even temporarily, gets to take over the whole domain. No chance to resolve the issue with a registrar who can manually review the case and revert changes. This would include anyone working on that level of infra in your company and anyone who hacks them.
I'm not sure what you would compare the HTTPS cert to without a central authority in that case.
We tried the web of trust with PGP and it turns out key management is really hard and, apart from a few geeks, nobody's that interested.
The certificate market is a lot better than the domain market, because it's not a monopoly. I think it makes sense to have a trusted-signature system as a backfill and bootstrap for your web of trust.
Agree that nobody cares about this though. I'm certainly not surprised that we settle for easy mediocrity.