[Cryptography] Is it time for a revolution to replace TLS?

grarpamp grarpamp at gmail.com
Tue May 13 20:08:57 EDT 2014


> 1) There is a connection between these three threads.  It seems
> to me that 6845 forged certificates is 6845 too many.  It is proof
> that TLS has failed in its primary mission.

Err, that x509 has failed as implemented in the 'global' CA model.
There never was the 'one true CA' [1], housed at ARIN or the UN
or some such, from which all downstream CAs [revocably] spawn.
It's really just who pays and docs up enough to be put in NSS as a
commercial competitor. And that only covers rogue / counter-CPS
CAs, not all the click-to-accept MITM stuff outside of that.

[1] It would be interesting to research the very first NSS CA entries
such as with navigator or with MS browser 15+ years ago. And any
divergence from early acceptance/hierarchy models.

