pubkey-based ToFU

[James-E-A]

The problem with [warning the user every time a web server changes certificates] is that it is likely to suffer from an extremely high false positive rate. Each time a website intentionally changes its certificate, the browser displays a warning that will needlessly scare and soon desensitize users. There are many legitimate scenarios where certificates change. For example: Old certificates expire;
certificates are abandoned and or revoked after a data breach that exposed the server private key; and many large enterprises that have multiple SSL accelerator appliances serving content for the same domain use a different certificate for each device. By adopting a Trust-On-First-Use policy, we assume that if a website starts using a different certificate issued by the same CA that issued its previous certificate, there is no reason to warn the user. This approach enables us to significantly reduce the false positive rate, while having little impact on our ability to protect users from a variety of threats.

From "Certified Lies" — seems strange to focus so much on the certificate (a timestamped attestation of authorization for a given key to serve as a web server for a given domain) rather than on the key itself

If the feds compel my current CA to issue them an interception certificate, this will not pop positive under Soghoian's proposed method, despite the fact that it will clearly refer to a different private key than the server's existing one.

Any ToFU should focus primarily around the key itself than the CA — this will avoid easily-preventable false negatives while preventing false positives in cases where the server switches CAs for a legitimate reason.