
Comment Re:If anyone actually cared... (Score 1) 710

In some cases it can be more expensive for the environment to make things last. For instance, it can be logistically more efficient to manufacture more weak products instead of distributing massive amounts of spare parts. Fixing things needs to meet the QoE of buying new instead of the huge waiting times commonly associated with fixing old. In addition, people buy lots of stuff to just collect dust (freedom of choice and all that). If we continue consuming as we do now and increase the strength of the products, in the majority of cases it would count for nothing.

Comment Re:Moving goal posts (Score 1) 220

Currently the TLS CA model tries to accomplish identification, encryption, and trustworthiness assessment all at once. Encryption you can get with self-signed certs, domain-based identification with something like DANE, and I suppose that the CA model could scale to the sites requiring the trustworthiness assessment, e.g. banks and some large websites, which need to secure the binding with their real-world presence.

Comment Re:Temporary RSA keys? (Score 2) 51

Generating RSA keys is more costly than, for example, ECDH keys. Checks for primality of p and q are needed for RSA to be secure. In my understanding, any big enough integer is a valid DH private key.

Static RSA would be nice for certain applications, since it is computationally cheaper to do for the client. Also, with DANE for instance, the same primitives can be used to check signatures. Yet, RSA might be costly at future key lengths. For instance, some say that 256-bit symmetric keys are equivalent to 15k RSA keys.
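
Added example (not part of the original comment, and not code from Slashdot or any library): a Python sketch of the cost asymmetry the comment above describes. It counts how many random candidates have to be primality-tested to find RSA's p and q, and contrasts that with an X25519 (ECDH) private key, which is one 32-byte draw plus the clamping from RFC 7748. The function names and the `seed` parameter are assumptions made for the demo; a seeded generator is for reproducible runs only, never for real keys.

```python
import random

def is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:              # write n - 1 as d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False           # this base is a witness: n is composite
    return True

def rsa_prime(bits, rng):
    """Return (prime, candidates_tested); the search loop is the RSA cost."""
    tested = 0
    while True:
        # Top two bits set so p*q has full length; low bit set so it is odd.
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        tested += 1
        if is_probable_prime(cand, rng):
            return cand, tested

def x25519_private_key(rng):
    """One draw, no search: 32 random bytes, clamped as in RFC 7748."""
    k = bytearray(rng.getrandbits(8) for _ in range(32))
    k[0] &= 248                    # clear the three low bits
    k[31] = (k[31] & 127) | 64     # clear the top bit, set the next one
    return bytes(k)

def compare(bits=512, seed=None):
    # seed is a demo-only assumption; with seed=None the OS CSPRNG is used.
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    p, tested_p = rsa_prime(bits, rng)
    q, tested_q = rsa_prime(bits, rng)
    return {"rsa_modulus_bits": (p * q).bit_length(),
            "rsa_candidates_tested": tested_p + tested_q,
            "x25519_key": x25519_private_key(rng)}
```

Deriving the public key still costs one scalar multiplication on the ECDH side; the example isolates only the key-generation search that the comment is about.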

Comment Re:I don't think the IETF woke up at all... (Score 2) 52

From what I understand from the RFC, the proposal is actually trying to protect from local eavesdropping when accessing http-resources. I.e. you define a trusted proxy, and use HTTP2 with TLS to access insecure HTTP resources through it. This does not offer end-to-end security, but offers protection for the user against local adversaries, such as their ISP.

Comment Certificate Transparency (Score 5, Informative) 233

Certificate Transparency is a new project initiated at least partly by Google's engineers, which intends to solve this problem with the SSL trust model: http://www.certificate-transparency.org/
It uses an append-only public log, similar to the Bitcoin transaction log, to make certificate information public.

Comment one size may not fit all (Score 2) 234

I think that this improves password usability and is a move in the right direction. Others should follow instead of making passwords even harder for the end users; the most insane counterexamples are the websites that mask your username as well. However, there really should be a switch to toggle this behavior.

Comment Re:My question about Convergence (Score 1) 127

Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?

That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do /not/ like the idea of on its face).

...Or some notaries could use the current CA system. The point is _trust agility_ and that if you employ these certificate checks as an extra measure, you cannot be in a worse situation than with the current CA system. In a nutshell: You don't have to trust CAs, you don't have to trust DNSSEC and you don't have to trust notaries that just compare certificates. But you can choose to trust them if they agree (and even if they don't).

Comment Re:OS design fail (Score 1) 150

But to use for security? That's as lame as installing anti-virus software because you know your OS can't handle security.

I've said for some time that anti-virus is not security. It is damage control, at best.

Damage control is security at its finest. We do not aim for the theoretically secure and perfect locked-down-restricted-with-airgap situation if implementing that security would be more costly than the damages in case of a compromise.
