This article seems to miss the point that a website rarely serves content from a single domain. If it pulls content from 30 different domains, all TLS protected, would the user get 30 popups asking them to allow each one?
The current TLS/PKI allows for much better UX; users would reject the proposed solution.
Someone suggested some sort of metadata that could be passed down to the browser to say this list of domains or such are valid. But if the website is hacked to have injected metadata put in, then I kind of think that's even worse than the current problem. It gives trust to a domain implicitly.
philliphaydon|9 years ago