A few days ago I talked about how to fix TLS by ditching certificates and using public keys sent by the websites themselves to authenticate them. That proposal attracted quite some criticism. I realised I didn’t explain the idea very well. So here is an update, to address the comments and to explain the idea better and more precise. Read the original post for some more context and background.