[majelix]

> The CA system is totally flawed anyway

The flaw basically being that people aren't trustworthy, yes?

Do you have any alternatives? There's ssh's model, where you just hope it's the right certificate the first time; or maybe mob-source it like WoT?

[pantaril]

There are flaws with current PKI infrastructure but as you say, it's better than nothing. There are also several initiatives to improve this situation. Google has come with certificate transparency ( http://www.certificate-transparency.org/ ) which essentialy creates public log of all issued certificates so everyone can see and verify that certificates authorities don't issue bogus/fake certificates

There is also an idea to use proof of work to estabilish network-wide consensus about valid certificates (like bitcoin or namecoin blockchain). This would be fully decentralised solution.

[victorf]

I like the idea of a blockchain for it, the only downside would be using all that space.