[lixtra]

The whole CA system is fundamentally broken.

When you point a virgin browser to a new ssl endpoint the user should be presented with the certificate and a list of certificate chains that imply trust in the certificate. At that point you should decide which certificate to trust or not. This can be

- only the end certificate (because you verified the hash),

- some intermediate certificate or

- some/all root certificates (that come with the browser).

Obviously the last option is stating “I’m incompetent and/or blindly trust the browser”. Unfortunately it is the default and the software doesn’t help you to manage certificates you trust in a reasonable way.

For me it would be okay to turn of dumb mode during installation. As a start, the green address bar could be used for these user trusted certificates (instead of for EV).

[geofft]

Not obvious to me at all. I would say that believing you can manually verify hashes in a trustworthy way is incompetent. Where do you get the hashes to compare against from?

[lixtra]

You get the hashes you trust from the counterparty that you trust. I.e. your bank could print it everywhere.

It’s not less obvious than just trusting your browser vendor.

EDIT: Also note that in the presented approach you can still trust some root CAs. It’s just that the user has to do it explicitly.

[isostatic]

I’d like to be able to limit certain privately imported root certificates to specific domains — that would be a valuable feature in a browser to protect against corporate hijacking.

However for the average person what you propose is meaningless.