
Several Horror Stories about the Encrypted Web [video] - grey-area
https://www.youtube.com/watch?v=bi3SA6jgIZ8
======
baby
1\. There are too many CAs

2\. so let's create another CA!

The transition here was weird.

Also, there are now a HUGE number of certs signed by Let's Encrypt. Isn't that
a problem? Remember Comodo, now too big to get removed?

I guess Let's Encrypt cannot sign intermediate CA certificates and that's a
good thing, and we should have more CAs like that and fewer CAs like Comodo.
Also, if they are free (I still find it mindblowing that you have to pay for
certificates) and are quick to implement/respect new rules directed by the
cabforum, then it is an improvement of the current internet PKI.

Now what about better/other solutions to secure the internet? I'm still scared
of having to trust thousands of CAs that all have the same power.

~~~
kevin_thibedeau
> I still find it mindblowing that you have to pay for certificates

You pay for the CA to verify you are who you claim to be.

~~~
mirimir
But who verifies that the CA is who they claim to be?

Or is doing what they claim to do?

Maybe they've been hacked, or infiltrated, or sold out, or ...

If I'm American, do I trust Chinese CAs? Or _vice versa_?

~~~
c22
Presumably this is the job of browser vendors.

------
joshuak
This is actually a great letsencrypt.org intro. Too bad it's not labeled that
way here or on YouTube.

~~~
nickpsecurity
Yeah, I suggest they change the title to something that says it's
letsencrypt. Had I not glanced here, I'd have totally skipped it thinking it
was some scare tactics from the security industry or government to push their
agendas with.

