-first, relying on DNS for certificate distribution might not be a good idea. It adds complexity, would not be secure without stuff like DNSSEC, and places too much responsibility on DNS.
-second, you could have gained a lot of CPU time in 1995 when static pages were the norm, but right now, for apps using AJAX heavily, you will not gain much.
-third, it does not prevent MITM. I can mount a server between you and the website, and keep serving you outdated content with its valid signature. Or serve you prepared content that I received earlier.
-last but not least, TLS certificates are cheaper and cheaper these days (not necessarily a good thing, though), and encryption doesn't cost much anymore.
Apart from that, I agree that would have been a cool idea :)
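The third point above, replay of stale but validly signed content, as an added example that is not part of the original comment: a signature over the body alone still verifies on an old response, while one that also covers the URL and an expiry time does not. HMAC from the Python standard library stands in for the site's public-key signature, and the key, function names, URL and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # stand-in for the site's signing key (assumption)

def _mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign_body_only(body: bytes) -> dict:
    """Signature covers the content and nothing else."""
    return {"body": body.decode(), "sig": _mac(body)}

def verify_body_only(msg: dict) -> bool:
    # No notion of time or URL: any previously signed body verifies forever.
    return hmac.compare_digest(msg["sig"], _mac(msg["body"].encode()))

def sign_with_freshness(url: str, body: bytes, now: int, ttl: int) -> dict:
    """Hardened variant: URL and expiry are inside the signed bytes."""
    meta = {"url": url, "expires": now + ttl, "body": body.decode()}
    payload = json.dumps(meta, sort_keys=True).encode()
    return {"payload": payload.decode(), "sig": _mac(payload)}

def verify_with_freshness(msg: dict, requested_url: str, now: int) -> bool:
    payload = msg["payload"].encode()
    if not hmac.compare_digest(msg["sig"], _mac(payload)):
        return False
    meta = json.loads(payload)
    # Reject content signed for another URL or past its signed expiry.
    return meta["url"] == requested_url and now <= meta["expires"]

def demo() -> dict:
    t0 = 1_700_000_000                      # constructed timestamp
    old_plain = sign_body_only(b"price: 10")
    old_fresh = sign_with_freshness("/price", b"price: 10", now=t0, ttl=60)
    later = t0 + 3600                       # an hour later, content is outdated
    return {
        "body_only_replay_accepted": verify_body_only(old_plain),
        "fresh_accepted_in_window": verify_with_freshness(old_fresh, "/price", t0 + 30),
        "fresh_replay_rejected": not verify_with_freshness(old_fresh, "/price", later),
        "fresh_wrong_url_rejected": not verify_with_freshness(old_fresh, "/other", t0 + 30),
    }

if __name__ == "__main__":
    print(demo())
```

A signed expiry narrows the replay window to the TTL rather than closing it; within that window an on-path relay can still serve the older copy.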
It's an interesting idea. I'm curious about the point (²) about cache hits where there are currently misses. What scenario would this happen in? If you're pointing to the same cacheable resource on different pages, it should be cached anyway.