Yes, first-connection security is not an option. But the vast majority of connections are not first connections.
If I ssh to a new box at home, then go to Usenix and ssh warns me that the host key changed, I'll have protected against MitM attacks, even if the original connection wasn't authenticated.
That model works passably well for SSH connections. You make perhaps tens of those connections every day, from perhaps several devices.
It doesn't work at Internet scale. It's too insecure. It's very unlikely that key continuity is going to replace PKI in HTTPS.
Do I have strong opinions about PKI vs. key continuity? No. All I'm saying is that it's not a panacea. SSH-style key continuity is not the global solution for the certificate warning Firefox is annoying you with.
You realize that Firefox already does this, right? Just hit "add exception" when the dialog pops up. Look! It works just like SSH!
Arguably, the right way of doing it is to use both. PKI to auth first connect, remember the chain to prevent bad CAs from giving certs to people pretending to be BoA.
If I had a dollar for every time a friend clicked a .exe email attachment, I'd be a very wealthy man. I damn sure don't trust my friends to verify the security of a cert.
I have some security-savvy friends (who I'd trust) and some not so smart friends (who I don't trust on this subject). So, the obvious idea is to put weight coefficients on WoT digraph edges. But I have a feeling that this would be too complicated to manage.
Your mom would trust you and then her friends would trust her, then they'd all get burned because she meant to click No one time and it would all be your fault.
I don't care how you set up the PKI. You can use a carrier pigeon trust network if you want. If you can beat SSL's PKI then brilliant. The important part is to use PKI to auth first contact and verify no unseemly changes happen during subsequent contacts by bothering to remember the previous cert chains.
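The combined scheme discussed above (PKI validates every connection, and the client also remembers the chain it saw before) as an added example, not code from any commenter or from a browser. `ChainMemory` and `Verdict` are hypothetical names, `pki_valid` is assumed to be the result of ordinary certificate validation done elsewhere, and the certificate bytes are constructed placeholders rather than real DER.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    REJECT_PKI = "reject: chain failed PKI validation"
    FIRST_SEEN = "accept: first contact, chain remembered"
    UNCHANGED = "accept: same chain as last time"
    LEAF_ROTATED = "warn: new leaf under the remembered issuers"
    ISSUER_CHANGED = "alert: chain now comes from different issuers"

class ChainMemory:
    """Remembers, per host, the SHA-256 of each cert in the chain (leaf first)."""
    def __init__(self):
        self._seen = {}

    def check(self, host, chain_der, pki_valid):
        if not chain_der:
            raise ValueError("empty certificate chain")
        if not pki_valid:                 # continuity never overrides PKI failure
            return Verdict.REJECT_PKI
        fps = [hashlib.sha256(c).hexdigest() for c in chain_der]
        old = self._seen.get(host)
        if old is None:                   # first contact: PKI alone vouches for it
            self._seen[host] = fps
            return Verdict.FIRST_SEEN
        if fps == old:
            return Verdict.UNCHANGED
        if len(fps) > 1 and fps[1:] == old[1:]:
            self._seen[host] = fps        # routine renewal by the same CA path
            return Verdict.LEAF_ROTATED
        return Verdict.ISSUER_CHANGED     # memory is NOT updated; needs a decision

def demo():
    # Constructed stand-ins for DER-encoded certificates.
    leaf1, leaf2 = b"constructed-leaf-2009", b"constructed-leaf-2010"
    ca_a, ca_b = b"constructed-issuer-A", b"constructed-issuer-B"
    mem = ChainMemory()
    return [
        mem.check("bank.example", [leaf1, ca_a], True),
        mem.check("bank.example", [leaf1, ca_a], True),
        mem.check("bank.example", [leaf2, ca_a], True),
        mem.check("bank.example", [leaf2, ca_b], True),   # valid, but other CA
        mem.check("bank.example", [leaf2, ca_a], False),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```

The fourth call is the case the thread is concerned with: a chain that passes PKI validation but comes from a CA other than the remembered one.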