
Agreed about EV, but claiming that the CA system "has a few warts" is similar to claiming Katrina "flooded over a few houses".

I consider the CA model as it exists for browsers fundamentally broken even in a world where everyone configured things perfectly and no bugs exist. It "works" today insofar as (for instance) I don't really fear using my bank, Amazon, etc. But the protection doesn't come because the CA model offers any technically strong way for you to be certain of the identity of the server on the other end. Any assurance you have is based on human factors (thus the push to EV certs - more human verification).

I'm pretty sure there isn't more wide-scale cert forgery only because it is more useful to target individuals, and possibly because those who have the ability to forge, say, Google's certs have an interest in not loudly demonstrating how broken the system is.

Given the number of root certs in everyone's browser right now from entities completely unknown to the users, I really don't understand how people have more confidence than I do.



I'm not going to disagree with you on the CA system (I'd have to understand it more), but aside from being a product of CAs, what is the issue with EV?

EV's biggest problem is the DV certificate: it's hard to communicate the nuance between "controls Amazon.com" and "controls Amazon".

EVs were a positive step forward, especially with the introduction of the CA/B Forum, as after Let's Encrypt a DV's only value is as an encryption mechanism (i.e. not as security, see phishing).

Those "human factors" are unavoidable - identity is a "human factor".

The integrity of EV is down to the integrity of the CAs, who are regulated (now) by a strict set of guidelines. So the set of CAs who can administer EVs is a much smaller subset of the CAs who can give out DVs.


“This [attack] was extremely sophisticated and critically executed… It was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate. All the IP addresses were from Iran. All the above leads us to one conclusion only: that this was likely to be a state-driven attack” - Melih Abdulhayoglu, Comodo Founder.

Comodo is the CA that issued the biggest percentage of certificates worldwide; they even won an award that year or the year after at the RSA conference! If you take a closer look though, as Moxie did[1] (we're all grateful), you find out that it takes a douchebag with a questionable skillset to bring the entire infrastructure down to its knees. It's hilarious and tragic at the same time.

[1] https://www.youtube.com/watch?v=pDmj_xe7EIQ


Thanks for the link!

I will question the relevance of the first half of the talk (about CAs and SSL) in 2015, with TLS and the CA/B Forum.

But his main thesis about trust agility is quite spot on. I'd never considered it before, and am going to look into Convergence and TACK. He raises a fantastic question - the duration of trust is a real concern.
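The two points raised in this thread, the number of root CAs everyone trusts without knowing who they are, and the duration of that trust, are easy to check for yourself. The following is an added example, not code from any commenter or from Convergence/TACK. It uses only the Python standard library: ssl.create_default_context() loads whatever roots the platform's OpenSSL build or OS store trusts, and summarize_roots() groups them by organization and flags roots whose notAfter is more than a chosen number of years away. SAMPLE_ROOTS is constructed, not real certificates; it only mirrors the dict shape that ssl.SSLContext.get_ca_certs() returns so the summary logic can be exercised offline.

```python
"""Enumerate the CA roots the local TLS stack trusts and summarise them.

Added example (not from the thread). Standard library only. The root list
comes from ssl.create_default_context(); on a minimal container it may be
empty, which is why the summary logic is exercised on SAMPLE_ROOTS below
(constructed data, not real certificates).
"""
import ssl
from collections import Counter
from datetime import datetime, timezone

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def _rdn_value(name, attr):
    """Pull one attribute (e.g. 'organizationName') out of a getpeercert()-style name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def load_trusted_roots():
    """Return the platform's trusted roots as a list of dicts (same shape as get_ca_certs())."""
    ctx = ssl.create_default_context()
    return ctx.get_ca_certs()


def summarize_roots(roots, now=None, long_lived_years=15):
    """Group roots by subject organizationName and flag long-lived ones.

    Returns {'total': int,
             'by_org': Counter of organizationName -> root count,
             'long_lived': [(org, commonName, years_left), ...] sorted longest first}
    A root that is still trusted more than long_lived_years from 'now'
    is flagged, which is the "duration of trust" concern in a nutshell.
    """
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    by_org = Counter()
    long_lived = []
    for cert in roots:
        org = _rdn_value(cert["subject"], "organizationName") or "(no organizationName)"
        cn = _rdn_value(cert["subject"], "commonName") or "(no commonName)"
        by_org[org] += 1
        # ssl.cert_time_to_seconds parses the 'Mon DD HH:MM:SS YYYY GMT' strings get_ca_certs() emits.
        years_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now_ts) / SECONDS_PER_YEAR
        if years_left > long_lived_years:
            long_lived.append((org, cn, round(years_left, 1)))
    long_lived.sort(key=lambda t: -t[2])
    return {"total": len(roots), "by_org": by_org, "long_lived": long_lived}


# Constructed sample in the get_ca_certs() dict shape; the names and dates are made up.
SAMPLE_ROOTS = [
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Inc"),),
                 (("commonName", "Example Root CA"),)),
     "notBefore": "Jan 10 00:00:00 2010 GMT", "notAfter": "Dec 31 23:59:59 2040 GMT"},
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Inc"),),
                 (("commonName", "Example Root CA 2"),)),
     "notBefore": "Jun 30 00:00:00 2005 GMT", "notAfter": "Jun 30 23:59:59 2025 GMT"},
    {"subject": ((("countryName", "XX"),), (("organizationName", "Unknown Foreign Authority"),),
                 (("commonName", "Some Root"),)),
     "notBefore": "Jan 19 00:00:00 2008 GMT", "notAfter": "Jan 19 03:14:07 2038 GMT"},
]

SAMPLE_NOW = datetime(2015, 6, 1, tzinfo=timezone.utc)  # the thread is from 2015


def print_summary(summary):
    print(f"{summary['total']} trusted roots from {len(summary['by_org'])} organizations")
    for org, n in summary["by_org"].most_common():
        print(f"  {n:3d}  {org}")
    print("roots trusted for more than the threshold:")
    for org, cn, years in summary["long_lived"]:
        print(f"  {years:5.1f} years  {org} / {cn}")


if __name__ == "__main__":
    print("--- constructed sample ---")
    print_summary(summarize_roots(SAMPLE_ROOTS, now=SAMPLE_NOW))
    print("--- this machine's trust store ---")
    print_summary(summarize_roots(load_trusted_roots()))
```

Run it on a workstation and compare the organization list against the set of entities you could actually name; the gap between the two is the point the thread is making. Lowering long_lived_years shows how few roots would drop out of the store by mere expiry in any reasonable time frame.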



