by skuhn 4131 days ago
Not exactly distributed, but it is based on a somewhat different trust model than conventional CAs: https://letsencrypt.org/

It remains to be seen if it actually makes an impact upon launch. It certainly can't replace all the types of certs in use today.

2 comments

Let's Encrypt is the exact same trust model as conventional CAs selling you a DV certificate. Apart from that, the trust model in the public CA system does not and cannot vary by CA: you trust them all, equally, all the time.
Sorry, I meant the nature of the CA as a public benefits corporation that is more open than conventional CAs. Meaning maybe I personally trust them a bit more than Verisign -- although I haven't decided if I do, and really any CA will betray you rather than go to jail on your behalf.

Their certs are indeed the same DV type as always.

I'm planning on encrypting all my static sites once letsencrypt is available. I don't pass private data (currently) but if it's free why not?
Makes sense to me, and I think this is the future of the web. HTTP will simply cease to be a viable option in the next 3-4 years if cert prices are reduced (or eliminated) and SNI becomes widely available.

Good for Let's Encrypt in taking the initiative to make this happen sooner rather than later.