IMO, before http is deprecated, we need public key in DNS support, bypassing the CA system. It would possibly be a lower level of security than CA cert, but would be good for many sites.
That's kind of the issue. There are basically two circumstances where I want to connect with a remote site:
1. I don't care who they are, I just want to read their content (any site I'm not going to log into, e.g. blog posts, etc)
2. I care who they are, I need to know they're them (banks, HN, Twitter, etc.)
The current CA system provides the second one, but fundamentally it would be nice if, with the lack of a CA-verified certificate, the server/browser would just encrypt the connection anyway.
I'm all for this switch to SSL. But there's no way Mozilla's announcement will effect global deployment of TLS... not with 11.7% market share (NetMarketShare.com, https://www.netmarketshare.com/browser-market-share.aspx?qpr...).
The realist in me says this will just frustrate developers as staunch advocates of Firefox pester for working services while higher-ups refuse to justify the cost to suit a possible minority userbase. These users being forced to either switch browser or move service provider.