Dear Nick,
I'm quite interested in this discussion, and come from a similar viewpoint, where these CAs (along with browsers' scary warnings) are basically gate-keeping the ability to provide TLS to some extent.
I think this could actually be done with some non-profit organizations, and could provide at least the same level of security as the Domain Validation checks done by organizations like "Let's Encrypt", but without needing a Certificate Authority that can sign on behalf of *any* site, and without sites needing a signature from a small list of Certificate Authorities. I could write up more details if people are interested.
Curious to hear what you have in mind: in this hypothetical NGO scenario, how is the DV done, and who signs the TLS certificate?
Regards, Raghu Saxena