WardCunningham thinks we should abandon https: http://found.ward.bay.wiki.org/view/https-means-business

Https encrypts browser / server communications so that attackers in the middle can't sniff them.

But it also provides signing / authentication so servers can prove who they are.

Unfortunately that makes it rely on trusted / centralized authorities to sign / authenticate the servers, which creates a two-tier system. Big companies get signed by other big companies, and the little guys find it much harder.

Surely it's possible to come up with more level / P2P / open domain / authenticity signing systems today? AlternativesToDNS / BlockChain

And maybe we should use those instead.

OTOH, ElectronicFrontierFoundation provide https://www.eff.org/https-everywhere which should level the playing field by making https easy for all servers to get.

But perhaps the reality doesn't live up to the hype? Or the technical hurdles are still too high?

