> > A new type of authentication should be added to replace any certificate > > use besides "Domain Verification". For example, determining that a > > business exists and is legitimate. > That is CABForum Extended Validation Criteria, the system Google has effectively dismantled. ...and is another consequence of the gatekeeping and ineffective governance. It is, arguably, a more salient and potent issue that the possibility of censorship that Nick raises. Regardless of whether one thinks EV (or 90-day expiry, etc) is a good idea or not, the fact that a single actor can, essentially, make these decisions unilaterally is clearly a problem. It's a failure of the market, compounded by the powerful network effects inherent in the web PKI that make it difficult to innovate around these monopolistic behaviours.
