It seems to me that the issue with respect to the .well-known/browserid which he raises is itself an issue with the CA system; the assumptions are a) that the key serving the site is verified by a trusted CA and b) that the key is serving the correct file. In fact, it's quite possible that a trusted CA is compromised, and it's even possible that the key has been misled into serving (and authenticating) the wrong file.
In short, we're entrusting every single CA in the world with the login of every single user in the world.
That doesn't seem terribly good to me.
A better system, IMHO, would involve offline keys for each identity provider; these keys would each sign an online key (or online keys) which would be used to authenticate the users. Each relying party would have to make a decision on how to handle hitherto-unseen keys (TOFUPOP backed up by SSL is, while imperfect, not indefensible).
TOFUPOP would protect against bad-faith CAs, and offline long-term keys would enable key mobility. Note that with a properly-specified certificate calculus, the offline key could authorise its own backups...
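A sketch of the scheme proposed in the comment above, added here as an example and not part of the original post: a relying party pins each identity provider's offline key on first use, accepts any online key that offline key has signed, and rejects a different offline key for the same domain. The Ed25519 keys, the `delegate:`/`assert:` message layout, the `idp.example` domain and all function names are assumptions made for illustration.

```javascript
// Added example: constructed keys, names and message layout (all assumptions).
const crypto = require('node:crypto');

const newKey = () => crypto.generateKeyPairSync('ed25519');
const der = (pub) => pub.export({ type: 'spki', format: 'der' });
const fingerprint = (pub) => crypto.createHash('sha256').update(der(pub)).digest('hex');
const delegationBody = (domain, onlinePub) =>
  Buffer.concat([Buffer.from(`delegate:${domain}:`), der(onlinePub)]);

// Offline long-term key authorises an online key for the provider's domain.
function delegate(domain, offline, onlinePub) {
  const sig = crypto.sign(null, delegationBody(domain, onlinePub), offline.privateKey);
  return { domain, offlinePub: offline.publicKey, onlinePub, sig };
}

// Online key signs the user assertion handed to the relying party.
function assertUser(email, online) {
  return { email, sig: crypto.sign(null, Buffer.from(`assert:${email}`), online.privateKey) };
}

class RelyingParty {
  constructor() { this.pins = new Map(); } // domain -> pinned offline key fingerprint

  verify(d, a) {
    const fp = fingerprint(d.offlinePub);
    const pinned = this.pins.get(d.domain);
    if (pinned && pinned !== fp) return 'rejected: offline key changed';
    if (!crypto.verify(null, delegationBody(d.domain, d.onlinePub), d.offlinePub, d.sig))
      return 'rejected: bad delegation';
    if (!a.email.endsWith('@' + d.domain)) return 'rejected: wrong domain';
    if (!crypto.verify(null, Buffer.from(`assert:${a.email}`), d.onlinePub, a.sig))
      return 'rejected: bad assertion';
    if (!pinned) this.pins.set(d.domain, fp); // first use: pin only after all checks pass
    return pinned ? 'accepted' : 'accepted: pinned on first use';
  }
}

function demo() {
  const rp = new RelyingParty(), dom = 'idp.example', user = 'alice@idp.example';
  const offline = newKey(), online1 = newKey(), online2 = newKey();
  const rogue = newKey(), rogueOnline = newKey(); // keys the pinned offline key never signed
  return [
    rp.verify(delegate(dom, offline, online1.publicKey), assertUser(user, online1)),
    rp.verify(delegate(dom, offline, online2.publicKey), assertUser(user, online2)),
    rp.verify(delegate(dom, rogue, rogueOnline.publicKey), assertUser(user, rogueOnline)),
    rp.verify(delegate(dom, offline, online1.publicKey), assertUser(user, rogueOnline)),
  ];
}
```

The second call in `demo()` shows online-key rotation passing under the pinned offline key; the third is what the relying party sees when a different offline key is served for the same domain, regardless of which CA vouched for the TLS connection.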