Good riddance Certificate Authorities

I've long moaned and bitched about Certificate Authorities and the cost of SSL, and recently I think I've seen the light at the end of the tunnel.

It's called DNS-based Authentication of Named Entities aka DANE and Domain Name System Security Extensions aka DNSSEC.

This will as I understand it, put the multi-million "Certificate Authority" industry out of business. Goodbye Verisign, Thawte, Geotrust, RapidSSL.

I've archived a list of the trusted Mozilla CAs currently shipped in Firefox here for future prosperity.

Folks in the future might think, it's amazing that we had a system that allowed the Turkish government to impersonate any SSL secured Website.

In order to make this sea change possible, I urge you to lobby your DNS service to support DNSSEC and get experimenting with DANE.

Found any of my content interesting or useful?