Web security based on a PKI model based on 100s of "trusted" authorities is just broken. And yet, the "security industry" continues doubling down on the "moar TLS", "moar green locks" model instead of coming up with a better model.
The tragedy is that most internet access is now happening from mobile devices, and the majority of that is coming from native apps. The apps neither need the same trust model nor have any "green locks". But PKI/TLS-based orthodoxy has such a death grip on the industry that people continue to use this broken model for native apps, where it makes even less sense than it does for browsers.
I suspect that this would be a "perfect is the enemy of good" type of situation w.r.t. native apps. Key pinning is certainly the preferable solution for native apps, but defaulting to at least the security properties provided by the Web PKI (which, obviously, isn't perfect, but it is a significant hurdle for an attacker). I mean, we've had plenty of reports of various mobile apps not getting certificate validation right in the last couple of years, imagine what the situation would be like if TLS backed by the Web PKI weren't the default? How many apps would even bother to implement pinning, and how many would get it right?
I think defaulting to the Web PKI and strongly encouraging use of key pinning (with good tooling, etc.) is the right approach here.
You can still promote using TLS while recognizing the flaws in the current PKI-based authentication system. From a purely technical perspective, a TLS connection without authentication is still better than no encryption at all.
And yet there are millions of people using the Internet and we have to protect them with the army we have. I hope we'll see something like Marlinspike's Notaries becoming widespread in our lifetime, though.
Well, unless app authors are writing their HTTPS clients from scratch, I suppose the HTTP client API functions provided by major mobile OSes do actually check certificates?
I think chetanahuja is saying apps don't have to rely on CAs. They can distribute a single trusted certificate, only trust a single CA or use key pinning.