[Cryptography] Is it time for a revolution to replace TLS?

grarpamp grarpamp at gmail.com
Tue May 13 22:10:15 EDT 2014


>>> 1) There is a connection between these three threads.  It seems
>>> to me that 6845 forged certificates is 6845 too many.  It is proof
>>> that TLS has failed in its primary mission.
>
> So PKI is a failure for not succeeding in implementing a stupid,
> dangerous model?

Of course single root is a big issue. Similar failure is people
just taking on hundreds of roots into all their systems
blindly, and then foolishly trusting the tin wrapper. Well
managed PKI works great, unfortunately usually only
found in private use.

'TLS' hasn't really failed in regard to bogus certs / mitm, that's
PKI's scope. Though TLS is nowadays quite bloated in
supporting old protocols / algos. Good to see it being
worked over. I probably meant to deconflate [1's] tls issues
from cert/mitm/trust issues, but it didn't come out that way.

