On Monday, April 13, 2015 at 10:10:44 PM UTC-4, Karl Dubost wrote: > Now the fact to have to rent your domain name ($$$) and that all the URIs are > tied to this is in terms of permanent identifiers and the fabric of time on > information has strong social consequences. But's that another debate than > the one of this thread on deprecating HTTP in favor of HTTPS.
The registrars are, as far as I'm concerned, where the solution to the CA problem lies. You buy a domain name from someone, you are already trusting them with it. They can simply redirect your nameservers elsewhere and you can't do anything about it. Remember, you never buy a domain name, you lease it. What does this have to do with plain HTTP to HTTPS transition? Well, why are we trusting CA's at all? Why not have the registrar issue you a wildcard cert with the purchase of a domain, and add restrictions to the protocol such that only your registrar can issue a cert for that domain? Or even better, have the registrar sign a CA cert for you that is good for your domain only. That way you can issue unlimited certs for domains you own and *nobody but you can do that*. However, like you said that's a separate discussion. We can solve the CA problem after we solve the plain HTTP problem. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform