You can do two things at the same time. Advocate for a better cert solution while advocating for HTTPS everywhere.
The truth is that currently, RIGHT NOW there are dozens of government agencies monitoring HTTP traffic that includes things like Bing searches (!) which millions of people do and do not realize are not private. Browsers need to be designed to aid laymen when things are insecure.
Lastly, I don't know if it is you specifically, xamuel, but there is a history[1] of government agents infiltrating influential organizations and communities in order to slow down movements, change prevailing attitudes, or discredit the members there. I think in cases like this it is important to remember how influential Hacker News is, since it feeds publications that set public perceptions about technology, like Wired and the New York Times.
[1] Operation CHAOS, Project MERRIMAC, Project RESISTANCE, Operation Mockingbird, GATEWAY, CLEAN SWEEP, UNDERPASS, and many others.
What's the difference between infiltration and legitimately voicing an opinion? Should government agents not have a seat at the table in an open forum like HN?
Excellent point. What does that mean for civilians on that side of the argument: do they have to prove their status? Do the government's actions mean we can't assume good faith anymore?
Anonymous/pseudonymous speech is a long-standing tradition of free speech, which many of us are enjoying right now right here. However, there is a difference between private conduct and conduct as a government agent. Government is an agency owned (ultimately) by the people and created by them to achieve certain purposes. To further those purposes, people can institute rules of conduct for the agents of the government. Not using anonymous/pseudonymous speech while performing government duties may very well be one of these rules. Not because government is always evil, but because we think our goals will be achieved better if government would act openly and identifiably and the reasons why we value anonymous/pseudonymous speech largely do not apply to the government actions. The government as such does not have inherent rights that people have (though its agents have them as people, but when working for hire as agents they may be bound by stricter rules than in their private life). That is the difference.
Given that the context of this discussion is using HTTPS on .gov websites, isn't it reasonable to assume that other government departments will provide their private keys to the relevant SIGINT agencies?
I don't see that HTTPS-encrypting .gov websites provides much security advantage.