You're conflating TLS and the current CA model. I'm all for TLS-everywhere and ditching the CA model (no, there is no easy alternative to the model we have come to build and accept, it will have to be gradually evicted).
Here's how the security warnings are in current browsers:
- HTTP: no warning
- untrusted HTTPS: warning
- trusted HTTPS: no warning
This is dumb. We explicitly say that an untrusted HTTPS is worse than raw HTTP, even though it preserves more privacy at very little cost. We should alternate the two first levels.