Hey, this is Richard, the author of the post. All the feedback here is great, but if you've got thoughts on whether we should pursue this strategy or not, please comment on the mozilla.dev.platform list.
"Basically, the current CA system is - again, to put this as gently and politely as possible - fucking broken. Anything that forces the world to rely on it exclusively is not a solution, but is instead just going to make the problem worse."
Please keep that fact - that the CA system is, as I put it with all the gentleness and politeness it deserves, "fucking broken" beyond any repair - in mind.
(And no, "the CA system is fucking broken" is not an opinion; it is a verifiable fact, as much as the concept of gravity is a verifiable fact)
Just on my Debian box there are 173 entities (along with all their employees, disgruntled employees, hackers, and probably governments) who can sign a certificate for google.com that my computer will accept. I can think of five cases in as many years off the top of my head of a fake google.com (or related) certificate being found in the wild by Google because of various levels of CA incompetence and/or fraud.
Worse yet, this bungled attempt at authenticity has been awkwardly nailed to the much simpler (and in most cases much more important) question of cryptographic security, with the result that going through the absurd charade of convincing a CA of my identity is required simply to offer a client the assurance that I, whoever I may be and however much the client does or doesn't trust me, actually sent the message the client received and that nobody in transit could read it.
The idea of having to trust a central authority for verification is the root cause of the vast majority of the brokenness; it means that proper TLS-based security for the web is not only financially prohibitive for even individuals in developed nations, let alone developing (with very few exceptions in the CA space providing cheap or free certificates), but is also a single-point-of-failure in terms of security.
Nowadays, we have this magical thing called a "blockchain" that can be used for everything from currencies (Bitcoin) to domain names (Namecoin); with some further refinement, using a blockchain as a certificate authority would fix both problems right away.
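The "173 entities who can sign a certificate for google.com" point above can be checked directly, since (absent name constraints) any trusted root can issue for any name. The script below is an added example, not code from the thread; it uses only Python's standard-library `ssl` module to load the platform default CA bundle and summarise how many distinct roots, organisations and countries your own machine trusts unconditionally.

```python
"""Count the roots a default Python TLS client trusts, and who runs them."""
import ssl
from collections import Counter


def rdn_value(subject, key):
    """Pull one attribute (e.g. 'organizationName') out of the nested
    tuple-of-tuples subject structure that ssl.get_ca_certs() returns."""
    for rdn in subject:
        for attr_key, attr_value in rdn:
            if attr_key == key:
                return attr_value
    return None


def summarise_roots(ca_certs):
    """Count roots and group them by issuing organisation and country.
    Each trusted root (and whoever controls its key) can issue a certificate
    for any hostname that this trust store will accept."""
    orgs = Counter()
    countries = Counter()
    for cert in ca_certs:
        subject = cert.get("subject", ())
        org = rdn_value(subject, "organizationName") or rdn_value(subject, "commonName")
        orgs[org] += 1
        countries[rdn_value(subject, "countryName") or "??"] += 1
    return {"roots": len(ca_certs), "organisations": len(orgs),
            "countries": len(countries), "by_org": orgs, "by_country": countries}


def default_trust_store():
    """Load the CA certificates a verifying client context trusts by default.
    Caveat: roots that live only in an OpenSSL capath directory (rather than
    a bundle file) are not reported until they have been used once."""
    ctx = ssl.create_default_context()
    return ctx.get_ca_certs()


if __name__ == "__main__":
    summary = summarise_roots(default_trust_store())
    print(f"{summary['roots']} trusted roots from {summary['organisations']} "
          f"organisations in {summary['countries']} countries")
    for org, n in summary["by_org"].most_common(10):
        print(f"{n:3d}  {org}")
```

Run it as a script to see the breakdown for your own machine; the number is typically well above one hundred on a stock desktop install.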
I certainly agree it should be replaced, but I think it's a bit off the mark to say that self-signed certificates should be trusted the same as CA-signed ones (something that badrami was suggesting throughout the thread). Yes, certificates insufficiently identify a site's owner, but self-signed certificates are as bad as a CA's worst-case scenario.
When it comes to security, you should always assume worst-case scenarios are going to occur.
In which case, the equivalence of self-signed and CA-signed is entirely on the mark. There's no real guarantee that the certificate authority is any more secure or trustworthy than, say, my five-year-old niece.
This is why decentralized systems (lately, that's been interpreted to mean "systems using a cryptographic ledger or blockchain" or "systems that rely on mesh topology graphs" (i.e. something similar to Namecoin or something similar to PGP, respectively), but those aren't the only models out there) are ultimately necessary for this; that way, you don't have to trust one arbitrary centralized authority, but instead can trust, say, a majority of a collection of hundreds or thousands or millions of such authorities coordinating via an agreed-upon protocol/convention/etc. My own bet would be on a cryptographic ledger (PGP-style webs-of-trust aren't nearly as end-user-friendly, whereas a "blockchain" has more potential in that area, since it's easier to abstract away from the end user), but pretty much anything at this point would be less convoluted - and more secure/trustworthy/effective - than the current system.
I disagree. There's a significant amount of security we gain from collectively using the CA system over self-signed certificates. If a CA is subverted, my browser or OS vendor can pull the CA, or the CA, if trustworthy, can revoke the certificates.
Let's say a CA has issued certificates for example.com to someone with nefarious intent. It's discovered that the CA's security is completely compromised and my vendor pulls the plug. In our current scenario I can visit example.com while being MitM'd and my browser vendor has made sure I get a big alert when I connect.
In a scenario without CAs, I visit example.com and my browser vendor has no idea that I'm being MitM'd nor do I since I've never been to example.com and examined the certificate.
Is it perfect with CAs? No. Will some get victimized by a CA's carelessness regardless of when it's caught? Probably. But most of us remain more secure with it than without it. For most users on most sites it works, albeit haphazardly. It should absolutely be replaced. But to suggest that the security benefits should be abandoned because it's possible that it could happen is short-sighted. It would be open season on internet users.