The sheer fact that you need to involve a third party for encryption shows that the web is fundamentally, conceptually broken and no longer lives up to its original design goals.
1. You don't need Web PKI certificates for encryption. Indeed in TLS 1.3 this is very obvious because the encryption switches on before any certificates are even involved. You need certificates to... certify identity. And this isn't some oddity of "the web" which might show it's "broken" but simply a mathematical fact about what identity is. If you don't want certificates, you have to just magically know every identity somehow. Works for ten PCs in your office, doesn't scale for tens of millions of web sites.
2. Tim's "Original design goals" are for a system that runs at CERN in Switzerland and is modelled on an earlier system he'd worked with in the 1980s. Tim's system has no encryption, nor does it have most other features you'd expect.
You don't need a third party. You can `openssl req` a self-signed certificate, and as long as whatever device you want to talk to accepts it, you get secure communication.
The other comment sums it up: a third party is a good line between convenience and security.
>You can `openssl req` a self-signed certificate, and as long as whatever device you want to talk to accepts it
Device? We're talking about browsers. Browsers are getting increasingly hostile towards self-signed certs. Ironically, Google doesn't trust third-party root CAs, so they became one themselves. It's good to be the exception to the rules you push on others.
The public internet is not a sandbox for hobbyists any more, like it was in 1993. Now there are incentives to crack you, impersonate you, tamper with the information you're serving. The web had to adapt or perish.
I agree. It may only theoretically be a problem that a set of trusted CAs can dictate who can communicate with each other, but theoretical problems have nasty ways of eventually becoming concrete.
It's definitely worth having the encryption that prevents a lot of problems today, but I'm worried that QUIC has no unencrypted variant at all. That's almost certainly safer for the user, but it means that if a government blacklisted you out of a certificate, you're screwed.