

Why “Let’s Encrypt everything” misses the point - m545
http://guardtime.com/blog/why-lets-encrypt-everything-misses-the-point

======
fwn
Just because securing http is not necessarily considered the "biggest
challange" it's not useless or even harmful.

I don't see Let's Encrypt initiators communicate their project as the only
action needed to fix all web security problems. (Not even to discuss the legal
ones..)

Edit: Actually I think their "what we are" statement couldn't be more straight
forward: [https://letsencrypt.org/](https://letsencrypt.org/)

------
m545
If you don’t have the guaranteed endpoint integrity, the privacy of citizens
(and everyone else) through encryption of communications is impossible.

------
higherpurpose
It's a good debate to have, but I don't think it "misses the point". Securing
a system or the data going through it needs many things. If you secure the
system locally, but send the data to the user in plain text, through cables
that NSA gets full access to, then that's not good either, is it? At least
compromising the systems means they have to actually hack it, and not just let
the data come to them.

