Comodo, not to be confused with the similarly named Komodia from yesterday, is the world's biggest issuer of SSL certificates.
Hardly. They give away a bunch of worthless email certs that aren't trusted by anyone, allow me to make wanking motions. No one that matters uses them and no browser that matters trusts their free certs by default.
Ahh, the post of someone who's riled up but doesn't actually understand what they are talking about.
People wonder how come NSA/GCHQ are able to intercept HTTPS connections so easily and in bulk.
Only the ignorant wonder that; just because you do doesn't mean everyone does.
We need to remove the whole signing process and replace it with *time*. The one thing an attacker cannot do is go back in time and change a key exchanged in the past.
You don't have any idea how this system works currently, do you?
You want the websites to tell you their public key information, and for everyone else on the Internet to remember it and tell you when it changes ...
or ...
you could just learn what certificate pinning is.
We need to remove the certificate authorities, because they are the weak link in secure comms.
So you want me to ask Google what Google's public key is and then trust whatever I get sent is actually the public key, with no verification of that, other than it came from the request I sent asking Google for their public key. So ... then the NSA just returns a key that says it's Google and intercepts the traffic.
The certificate authorities' purpose in life is to provide 3rd party verification of certificates in an automated way. What you want is to remove all of that, and do it ad-hoc, by everyone on the Internet. Slashdot doesn't allow posts long enough for me to explain all the ways why that's exactly the opposite of an actual solution.
'Web of trust' doesn't work, we know this because NO ONE FUCKING USES IT BECAUSE IT'S TOO MUCH FUCKING EFFORT. END USERS DON'T GIVE A FUCK about verifying every cert they see and will just click Ok/Next/Allow. THAT is WHY we use certificate authorities.
You are proposing nothing new. It's been done, and it's failed repeatedly.
Certificate authorities ARE the solution you want, the problem is, no one actually cares enough about security to blackball the certificate authorities that aren't trustworthy (i.e. all of them), which means they certainly don't care enough to deal with the method you propose.
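The "remember the key and tell me when it changes" scheme argued over above is certificate pinning in practice; here is an added example (not code from any poster) that extracts the SubjectPublicKeyInfo from a DER certificate, derives the RFC 7469 style pin, and runs a remember-the-key check whose unverified "first-use" step is exactly where the "NSA returns a key that says it's Google" objection lands. All function names and the constructed test certificates are assumptions for this illustration, not real-world data.

```python
import base64, hashlib

def der_read(buf, off=0):
    """Read one DER TLV at `off`; returns (tag, value bytes, total size)."""
    tag, length, hdr = buf[off], buf[off + 1], 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), hdr + n
    return tag, buf[off + hdr:off + hdr + length], hdr + length

def der_children(body):
    """Split the contents of a SEQUENCE into (tag, whole TLV) pairs."""
    out, off = [], 0
    while off < len(body):
        tag, _, size = der_read(body, off)
        out.append((tag, body[off:off + size]))
        off += size
    return out

def spki_from_cert(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate."""
    _, cert_body, _ = der_read(cert_der)
    fields = der_children(der_read(der_children(cert_body)[0][1])[1])  # tbsCertificate fields
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[5][1]   # serial, signature, issuer, validity, subject, SPKI

def spki_pin(cert_der):
    """RFC 7469 style pin: base64(SHA-256(SPKI DER)); unchanged when a cert is reissued for the same key."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert_der)).digest()).decode()

def check_pin(store, host, cert_der):
    """Remember-the-key check: 'first-use' is the unverified step, 'changed' is the alarm."""
    pin = spki_pin(cert_der)
    if host not in store:
        store[host] = pin
        return "first-use"
    return "ok" if store[host] == pin else "changed"

def der(tag, payload):
    """Tiny short-form DER encoder (payload < 128 bytes), only for the constructed test certs."""
    return bytes([tag, len(payload)]) + payload

def fake_cert(pubkey):
    """Constructed stand-in for a DER certificate: only the field order matters to the parser."""
    spki = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201"))) + der(0x03, b"\x00" + pubkey))
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") * 4 + spki
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))
```

A real deployment pins against a list shipped out of band (or delivered by a CA-validated first connection), which is what turns "first-use" from a leap of faith into a check.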