by pilif 1251 days ago
> there should be a way to use TLS with a self-signed cert to say hey, I'm not making any strong claims of identity or privacy here, I just want some modicum of obfuscation of the traffic.

How would a browser know whether a site presenting a self-signed cert is one where no strong claims of identity or privacy are needed or whether it's one where strong claims of identity are needed but which has been MitM'd?

Also, do this without the browser talking to some "mothership" to ask about what a domain should be treated as, because that would leave that party in a position where it gets all of your browsing history.

3 comments

Requiring a remote 3rd party to bless a transaction in order for two computers on a local network to talk to each other, is tyrannical and anti-resilient.
DNS? crt.sh? Certificate pinning? Apply this only to non-routable IPs? Apply this only to certain TLDs, such as .local, .lan, .personal? There are many options. Also, how would this be any worse than visiting a plain HTTP site instead?
DNS can be MitM'd. crt.sh would be in a position to get all your browsing history.

The local thing would work, but of course only for local hosts.

It would not be worse than using plain HTTP, and my personal opinion is that visiting a plain HTTP site should have the same UX as visiting a self-signed one.

All fair points, and I would settle for HTTP-equivalent UX. DoH and DoT would go some way to mitigating DNS inadequacies (although they have their own issues in terms of network autonomy). I personally think the best long-term solution would be for each TLD to maintain the CA bundle and TLS standards for that TLD. That way there is no case where a CA cert from CN can issue a cert for google.com.

It would also specifically allow non-identity locally issued certs for .local, .lan, .hobby etc...

The browser shouldn't, the user is the one that needs to make that determination. But right now, the user doesn't even have that choice.
You can still have an untrustworthy page, and the user still has to make that determination with TLS or without. If you connect to a bad guy's server you will still get owned.

The problem is that technically *the user should not make that determination* - for a casual user TLS is transparent, which takes the burden of technically knowing if traffic was or was not MitM'd out of the question for the end user. End users should make less technical decisions because they want to browse websites - not worry about whether someone is injecting stuff into their traffic.