While I certainly don't love the CA system, this isnt where I see the biggest flaws with SSL.
Regardless of who is "trusted", the true critical points are in the Private Key and the Cryptographic primitives. Fixing the CA model addresses neither.
Symantec CA does not ever get to see my private key when I purchase a certificate from them. They dont get to determine the encryption methods I use. All they do is verify my identity (and do a damn good job at it in my opinion). Server Authentication is an important part of SSL, but its only one part.
The other part, encryption, is able to be undermined in many other ways - ways where we have much more direct proof of gov't surveillance and tampering.
You can perfect Server Authentication all you want, but if there are holes in the encryption, thats all for naught.
The encryption is really quite good. It's actually very rare to have a problem with the crypto. Compromise of the trust network is much more common and is really the problem with today's crypto systems... read a bit about superfish for a good news worthy example of abuse of trust.
When reading the https gov doc -- it's very important to remember that the government runs its own CA.
Superfish was certainly a huge abuse of the trust network. However, if we look at other recent SSL vulnerabilities: Heartbleed, POODLE, FREAK - most of these are all dealing with flaws in the encryption (some directly, through most with the use of side-channel or other clever attacks).
We also know that the NSA is saving encrypted messages for mass decryption in the future. New technologies like Perfect Forward Secrecy (PFS) can help eliminate this issue. I think that fact that nearly 100% of servers were still allowing SSL 3 up until the POODLE attack a few months ago highlights how poor most SSL configurations are. Unlike the trust network, which has infrequent but serious breaches, the encryption side seems to be poorly implemented almost universally.
However, unlike Superfish, which we know affected thousands, alot of these other SSL vulnerabilities are usually just PoCs...
Also it is aggravating to me that the cost of implementing SSL on a single site is too high because of the CA signing cartel. In my experience this is the main reason that many sites eschew the matter altogether. We're creating a digital security ghetto like this, and it is completely unnecessary.
This is one area where government has the capability to lead the way at a very low cost, which is all I was trying to say, perhaps with a bit too much snark.
In my experience the biggest hurdles to implementing SSL are: advertising networks, dependencies (such as internal systems or APIs) that are incompatible, policy of providers (such as Akamai implementing fees far above the actual cost of SSL), or performance issues.
Cost does not seem to be a major issue for most organizations (or even independent websites). Sure, Symantec and other high profile CAs charge an arm and a leg, but thats all marketing. There are affordable and trusted certs out there for <$10 if you just need a single domain cert, and <$100 for Wildcard and Multidomains.
Regardless of who is "trusted", the true critical points are in the Private Key and the Cryptographic primitives. Fixing the CA model addresses neither.
Symantec CA does not ever get to see my private key when I purchase a certificate from them. They dont get to determine the encryption methods I use. All they do is verify my identity (and do a damn good job at it in my opinion). Server Authentication is an important part of SSL, but its only one part.
The other part, encryption, is able to be undermined in many other ways - ways where we have much more direct proof of gov't surveillance and tampering.
You can perfect Server Authentication all you want, but if there are holes in the encryption, thats all for naught.
If I was going to 'fix' SSL I would start there.
I think this is a great initiative.