I didn't know that. I didn't consider WebTransport. I'm reading about it now. I'm already both excited and bummed. A certificate hash isn't as good as a raw public key. With a raw public key I can a-priori know exactly what to expect before ever connecting. With a certificate hash I need to actually have the server certificate first which has a signature I could not predict a-priori. This can be worked around though. I really hate the baggage of certificates (X.509 is a nightmare of ancient crap). But the industry won't let it go.

So WebTransport still fails us in a few ways: * You still lose Tor support. Tor is TCP based. * You can't connect to a server and verify it by it's public key, you have to have a hash of its certificate somehow * Client-side certficates still use Web PKI, so can't be used for AUTH * You layer on a lot of complexity (

WebTransport

is not straightforward) with marginal benefits. I agree with @Daniel Wigton about being "connection type agnostic". A message-based protocol can run over any transport, including bluetooth, or paper airplanes.

I am doing my own certicates. I am basically doing my own everything. 😛 Mostly because I want to be able to think about how things aught to work rather than how they do. I want my certs to map 1-1 with application scopes. Why? Because I don't want crappy applications anywhere near keys I didn't give them access to. Also you almost never want to use you master Identity key. Every time you unlock it is a chance for compromise. We can't expect grandmother to know good key hygiene