That's kind of the issue. There's basically two circumstances where I want to connect with a remote site:
1. I don't care who they are, I just want to read their content (any site I'm not going to log into, e.g. blog posts, etc)
2. I care who they are, I need to know they're them (banks, HN, Twitter, etc.)
The current CA system provides the second one, but fundamentally it would be nice if, with the lack of a CA-verified certificate, the server/browser would just encrypt the connection anyway.
1. I don't care who they are, I just want to read their content (any site I'm not going to log into, e.g. blog posts, etc)
2. I care who they are, I need to know they're them (banks, HN, Twitter, etc.)
The current CA system provides the second one, but fundamentally it would be nice if, with the lack of a CA-verified certificate, the server/browser would just encrypt the connection anyway.