Good riddance Certificate Authorities

I've long moaned and bitched about Certificate Authorities and the cost of SSL, and recently I think I've seen the light at the end of the tunnel.

It's called DNS-based Authentication of Named Entities aka DANE and Domain Name System Security Extensions aka DNSSEC.

This will as I understand it, put the multi-million "Certificate Authority" industry out of business. Goodbye Verisign, Thawte, Geotrust, RapidSSL.

I've archived a list of the trusted Mozilla CAs currently shipped in Firefox here for future prosperity.

Folks in the future might think, it's amazing that we had a system that allowed the Turkish government to impersonate any SSL secured Website.

In order to make this sea change possible, I urge you to lobby your DNS service to support DNSSEC and get experimenting with DANE.


If you like this, you might like the stateless Web kiosk software I develop. Webconverger typically replaces Windows on PCs and is deployed in public and business environments for ease of deployment and privacy. Once installed it auto-updates making it painless to maintain. Try it where you exclusively use the only viable open platform... the Web!