And, over time, we will inevitably learn something about the various companies in the business of selling trust.
We'll see the Certificate Authorities used by major companies and come to trust them more than a company whose name we have never seen before. We will know who is supposed to be vouching for the secure sites we frequent. As things stand, the identity of a CA means nothing to almost everyone using the Internet.
Spy agencies would hate educated consumers.
The current system serves them well. They can offer up a scam copy of a website and vouch for it with a certificate from a compromised Certificate Authority. Compromising a single CA, lets them vouch for any website, as long as the CA name is hidden. If we could see that Harveys Certificate Authority was vouching for the Bank of America, the scam wouldn't work.
So, lets see it Google, Apple, Mozilla and Microsoft. I dare you to prominently tell your users the Certificate Authority vouching for the identity of supposedly secure websites.
Certificate Authority identities matter.
Sign up for CIO Asia eNewsletters.