Re: Not https as it is right now
"Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem."
What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too.