It's pretty funny. The existence of LetsEncrypt is pretty much just the local mafia offering to provide "protection" for free to businesses under $XXX per year*, and apparently that has had the effect that everyone now loves the mafia. "Why don't you have the 'under protection' sign on the door? I'm not sure I dare to enter your shop."
I do wonder if the people in this thread defending the X.509 system even know how it works. For the sake of clarity, your operating system comes with a (long) list of root certificates, and a certificate that is signed by
any of them is considered valid and completely secure. Have you checked the list of authorities that your web browser/operating system trusts? As it stands, you implicitly trust all of these many dozens authorities, ranging from private corporations with ties** to any and every three-letter organization you can think of, American or otherwise, to authorities directly run by pretty much any state actor worldwide. You do realize that anyone wanting to eavesdrop on you doesn't need ties to the authority that issued the certificate of the site you're connecting to, but simply to
any one of them? You may meme about how insecure self-signed certificates are, but if you step back and think about it for just a second, you should realize just how ludicrously stupid the system is. Out of all the alternatives, it's arguably the single worst way to implement certificate authentication that you could think of. Unless you want to be able to eavesdrop on people, that is. Then it's great.
And there are so many good alternatives, too. PGP-like web-of-trust models aside, it would have been
easy to implement a LetsEncrypt-like system of domain validation just by putting the correct certificate in DNSSEC instead of using a CA. You'd get all the upsides of LetsEncrypt with none of the centralization. There even
were attempts to do exactly this, but they were apparently dropped because of LetsEncrypt. Go figure. I wonder who wanted that. Apparently Google didn't not want it, at least.
And the problem isn't just limited to eavesdropping, trust and centralization, either. It's also very technical with the X.509 format only allowing one single signer per certificate. If I could simply
add LetsEncrypt as another signer on my certificate, I would have
less compunctions about it, but the fact that it needs to displace my own certificate really is a nice finishing touch. Doing that actively makes the alternative TLS validation in the client
less secure.
The worst thing is that LetsEncrypt has come around and entrenched the CA system much further than it ever was prior to it, because "now that everyone can get a 'free***' certificate" browser implementations have started forcing it upon everyone, as detractors of private signing have amply demonstrated in the thread. Prior to LetsEncrypt, there was actually some legitimate debate around the CA system, but I guess it's just not important any longer, all thanks to LetsEncrypt. :P
And indeed that has clearly had its effect on the public opinion displayed in this thread. I mean, don't get me wrong, it's not like I don't recognize the importance of encryption or anything, but I would remind you that LetsEncrypt has only been in public operation for hardly five years, and prior to that, running unencrypted web traffic was considered completely normal for sites without special security needs. Public WiFi may have become slightly more common since then, but the vast majority of people do connect via connections where you'd expect a man-in-the-middle-attack about as much as (or arguably less than) you might expect a false CA-issued certificate anyway.
WojtylaKarol wrote:Still, your previous statement is wrong, it is not any issue with browsers, it is normal behaviour for browsers to accept only the certificates signed by trusted providers aka CA.
No, his statement is not wrong, because that being the normal behavior is precisely the issue with the browser implementations. I do have to say I find it pretty ironic that you have all these strong opinions about network security and yet you have
zero compunctions about any of the above, as if it didn't even matter. It's one thing if you come out on the side of the CA mafia in the end despite that, but not even acknowledging the issues with it is a pretty simplistic and non-nuanced position to take.
But, it seems everyone loves the mafia these days, so the day may not be far off that I too need to join the ranks of the protected. It would be a real pity if that nice site of yours got buried in the Google search results huh, wouldn't it? Who ever needed a free and decentralized Internet anyway? I for one can't wait for the day when LetsEncrypt stops issuing certificates to sites with uncomfortable political opinions.
*
Yes, I realize that LetsEncrypt is free for everyone and the analogy isn't perfect, but instead it isn't free for anyone with even slightly special requirements or circumstances, nor does it take away its connections to the CA mafia.**
Not just alluded or confirmed by third-parties, but self-admitted and advertised!***
In terms of money and money alone.