> But there is opportunity for something else out there, because right now https is not living up to the "authentication" promise when you have Firefox, Chrome et al. kotau to company proxies and all kinds of dubious state CAs in the trust root.
There's already a lot of things being done to improve the situation. Honest question: Are you aware of them? Do you know Certificate Transparency? Have you followed the intense discussion about Dark Matter? Do you know what the Baseline Requirements are? Do you know how Webauthn prevents Phishing?
There's already a lot of things being done to improve the situation. Honest question: Are you aware of them? Do you know Certificate Transparency? Have you followed the intense discussion about Dark Matter? Do you know what the Baseline Requirements are? Do you know how Webauthn prevents Phishing?