
The best alternative I've heard so far is actually a patch: We keep the CAs, but they publish signed, append-only lists containing every cert they've issued.

No cert is trusted if it isn't in such a list, and the lists are mirrored (and cross-signed) by a bunch of trustworthy authorities, hashes written into the blockchain, and so on.

Then any CA who issues a cert for www.google.com will also have to publish irrevocable proof that they done fucked up; and when their CA status is revoked it's possible to grandfather in certs they've already issued to avoid breaking lots of sites.

Of course, it won't solve the problem of CAs unjustifiably charging $$$ for certain types of cert - or the problem of the dubious authentication done for affordable domain-validated certs.
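Worked illustration of the scheme in the comment above (an added example, not code from the thread or from any CT implementation): an append-only log of issued certs with RFC 6962-style Merkle hashing, a signed tree head, the client rule "no cert is trusted unless it is in the log", and the mirror-side check that catches a log rewriting its history. Assumptions: the certificates are constructed stand-in byte strings rather than DER, HMAC-SHA256 stands in for the log's signature, and the key, names and serials are invented for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# RFC 6962 domain-separated hashing: 0x00 prefix for leaves, 0x01 for nodes,
# so an interior node can never be presented as a logged entry.
def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

# Proof = (sibling_hash, sibling_is_on_left) pairs, leaf level first.
Proof = List[Tuple[bytes, bool]]

def inclusion_path(index: int, leaves: List[bytes]) -> Proof:
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_path(index, leaves[:k]) + [(merkle_root(leaves[k:]), False)]
    return inclusion_path(index - k, leaves[k:]) + [(merkle_root(leaves[:k]), True)]

def verify_inclusion(leaf: bytes, proof: Proof, root: bytes) -> bool:
    h = leaf
    for sibling, sibling_left in proof:
        h = node_hash(sibling, h) if sibling_left else node_hash(h, sibling)
    return hmac.compare_digest(h, root)

@dataclass(frozen=True)
class SignedTreeHead:
    tree_size: int
    root_hash: bytes
    signature: bytes

def sign_sth(key: bytes, size: int, root: bytes) -> bytes:
    # Assumption: HMAC stands in for the log's asymmetric signature.
    return hmac.new(key, size.to_bytes(8, "big") + root, "sha256").digest()

def verify_sth(sth: SignedTreeHead, key: bytes) -> bool:
    return hmac.compare_digest(sign_sth(key, sth.tree_size, sth.root_hash), sth.signature)

class CertLog:
    """One CA's published, append-only list of every cert it has issued."""
    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self.entries: List[bytes] = []   # raw entries, scannable by anyone
        self._leaves: List[bytes] = []

    def append(self, cert: bytes) -> int:
        self.entries.append(cert)
        self._leaves.append(leaf_hash(cert))
        return len(self._leaves) - 1

    def signed_tree_head(self) -> SignedTreeHead:
        size, root = len(self._leaves), merkle_root(self._leaves)
        return SignedTreeHead(size, root, sign_sth(self._key, size, root))

    def inclusion_proof(self, index: int) -> Proof:
        return inclusion_path(index, self._leaves)

    def leaves_up_to(self, size: int) -> List[bytes]:
        return self._leaves[:size]

def client_accepts(cert: bytes, proof: Proof, sth: SignedTreeHead, log_key: bytes) -> bool:
    """The comment's rule: trust a cert only with a valid STH and inclusion proof."""
    return verify_sth(sth, log_key) and verify_inclusion(leaf_hash(cert), proof, sth.root_hash)

def append_only_holds(old_sth: SignedTreeHead, log: CertLog) -> bool:
    """Mirror/auditor check: the current log must still begin with the old tree."""
    return (len(log.entries) >= old_sth.tree_size and
            merkle_root(log.leaves_up_to(old_sth.tree_size)) == old_sth.root_hash)

def certs_issued_for(log: CertLog, name: bytes) -> List[bytes]:
    """Anyone can scan the public list for certs naming a domain."""
    return [c for c in log.entries if b"CN=" + name + b";" in c]

LOG_KEY = b"demo-log-key"   # invented for the demo

def demo() -> dict:
    log = CertLog(LOG_KEY)
    # Constructed stand-in certs; a real log would hold DER certificates.
    good = b"CN=example.com;issuer=DemoCA;serial=1"
    rogue = b"CN=www.google.com;issuer=DemoCA;serial=2"   # the mis-issuance
    unlogged = b"CN=example.net;issuer=DemoCA;serial=3"   # issued but never logged
    i_good = log.append(good)
    sth1 = log.signed_tree_head()
    log.append(rogue)
    sth2 = log.signed_tree_head()
    results = {
        "good_accepted": client_accepts(good, log.inclusion_proof(i_good), sth2, LOG_KEY),
        "unlogged_rejected": not client_accepts(unlogged, log.inclusion_proof(i_good), sth2, LOG_KEY),
        "rogue_on_record": certs_issued_for(log, b"www.google.com") == [rogue],
        "history_intact": append_only_holds(sth1, log),
    }
    # The CA tries to cover its tracks by republishing a log without the rogue cert;
    # any mirror holding sth2 detects the rewrite.
    scrubbed = CertLog(LOG_KEY)
    scrubbed.append(good)
    scrubbed.append(unlogged)
    results["scrub_detected"] = not append_only_holds(sth2, scrubbed)
    return results

if __name__ == "__main__":
    print(demo())
```

The inclusion proof carries an explicit left/right flag per sibling instead of deriving it from the leaf index as RFC 6962 does; that is a simplification for readability and does not weaken the check, since the domain-separated hashes still bind the leaf to the signed root. The mirror-side check recomputes the old root from a full copy of the list, which is what a mirror holds; a bandwidth-limited auditor would ask for a consistency proof instead.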




> Then any CA who issues a cert for www.google.com will also have to publish irrevocable proof that they done fucked up; and when their CA status is revoked it's possible to grandfather in certs they've already issued to avoid breaking lots of sites.

I wish. Even in cases today where we have conclusive proof of CAs willfully issuing fraudulent certificates, they get a pass. TrustWave still has a valid CA cert even after having been caught with their hand in the cookie jar.

Oddly, DigiNotar got the death sentence. The only lesson I can see in this is that incompetence is inexcusable, but willfully subverting the CA system is A-OK.



