Adam Langley and I have a proposal to bolster up the rather fragile Certificate Authority infrastructure.
TL;DNR: certificates are registered in a public audit log. Servers present proofs that their certificate is registered, along with the certificate itself. Clients check these proofs and domain owners monitor the logs. If a CA mis-issues a certificate then either
- There is no proof of registration, so the browser rejects the certificate, or
- There is a proof of registration and the certificate is published in the log, in which case the domain owner notices and complains, or
- There is a proof of registration but the certificate does not appear in the log, in which case the proof is now proof that the log misbehaved and should be struck off.
And that, as they say, is that.
Update: Adam has blogged, exploring the design space.