Good riddance Certificate Authorities
I've long moaned and bitched about Certificate Authorities and the cost of SSL, and recently I think I've seen the light at the end of the tunnel.
It's called DNS-based Authentication of Named Entities aka DANE and Domain Name System Security Extensions aka DNSSEC.
This will as I understand it, put the multi-million "Certificate Authority" industry out of business. Goodbye Verisign, Thawte, Geotrust, RapidSSL.
I've archived a list of the trusted Mozilla CAs currently shipped in Firefox here for future prosperity.
Folks in the future might think, it's amazing that we had a system that allowed the Turkish government to impersonate any SSL secured Website.
In order to make this sea change possible, I urge you to lobby your DNS service to support DNSSEC and get experimenting with DANE.