
7 Mar 2012, 12:46 a.m.
Craig Sanders wrote:
> To me, 2. is far more worthy of my trust than 1., but I'd prefer an option 3 (which doesn't exist for ssl/tls AFAIK):
> 3. a certificate signed by several (the more the better) other certificates in a large web of trust.

Nitpick: you're talking about X.509, not TLS. It is *probably* technically possible to use TLS with trust managed via a GPG trust model, in the same way monkeysphere uses GPG to manage SSH trust. Of course, you'd have to patch both ends of the TLS connection, so in the context of "everything is a browser" it's unlikely to fly.