The most serious objection I can see for any scheme that accepts untrusted certs without bothering user with it, is that it can be thwarted by constructing a proxy that impersonates remote SSL sites with lookalike certificates of its own. So the browser damn well can't just decide silently to proceed when it sees a self-signed cert.
And now comes the problem: Does the user really know if the site is supposed to have a real certificate instead of self-signed one? So you get back the UI question that says something like "This site has a self-signed certificate for privacy protection only. Proceed to connect? [N/y]" and most users will answer "y".
This, in effect, reintroduces the simple warning we just get rid of, and undermines the security of the real certificates by making it easier to substitute them with self-signed ones. In effect, the whole value of this new scheme is in the fact that it is actually annoying and scary. We could, I guess, introduce http/1.2 or something that encrypted ordinarily plaintext traffic, though. Just don't call it https, and don't tell user about it.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds