Kicking the Certificate Habit →
Dr. Jaap-Henk Hoepman's security posts (via his blog), detailing his provocative yet fundamentally sound thoughts on the subject of terminating the utilization of certificates is today's absolute MustRead.
The basic idea - A few days ago I explained the idea including a mechanism to detect phishing attacks. This makes the protocol more complex, and creates confusion. So let’s try again, explaining the basic idea first. Whenever a browser sets up a new TLS connection with a domain, the web server serving that domain respond with its public key (instead of a certificate, as is currently the case) in the initial TLS handshake. (This is more precise than saying that the web server sends its public key in the header of every page it sends.)... Read more at Dr. Hoepman' blog