Because those ephemeral LE certificates are such a great idea...
replies(6):
Then, when you have only two or three big SSL providers, it's way easier to shut someone off by denying them a certificate, and see their site vanish in mere weeks.
- We went from the vast majority of traffic being unencrypted, allowing any passive attacker (from nation state to script kiddie sitting in the coffee shop) to snoop and any active attacker to trivially tamper with it, to all but a vanishing minority of connections being strongly encrypted. The scare tactics used to sell VPNs in YouTube ads used to all be true, and no longer are, due to this.
- We went from TLS certificates being unaffordable to hobbyists to TLS certificates being not only free, but trivial to automatically obtain.
- We went from a CA ecosystem where only commercial alternatives exist to one where the main CA is a nonprofit run by a foundation consisting mostly of strong proponents of Internet freedom.
- Even if you count ZeroSSL and Let's Encrypt as US-controlled, there is at least one free non-US alternative using the same protocol, i.e. suitable as a drop-in replacement (https://www.actalis.com/subscription).
- Plenty of other paid but affordable alternatives exist from countless countries, and the ecosystem seems to be getting better, not worse.
- While many other paths have been used to attempt to censor web sites, I haven't seen the certificate system used for this frequently (I'm sure there are individual court orders somewhere).
- If the US wanted to put its full weight behind getting a site off the Internet, it would have other levers that would be equally or more effective.
- Most Internet freedom advocates recognize that the migration to HTTPS was a really, really good thing.
I still don't understand why this is so terrible.
Public wifi networks were certainly a real problem, but that's not where the majority of internet usage happens, and they could have been fixed on a different layer.
If you're on a traditional home internet connection, who exactly can tamper with your traffic? Your ISP can, and that's not great, but it doesn't strike me as blaring siren levels of terrible, either. Even with HTTPS, the companies behind my OS and web browser can still see everything I do, so in exchange for all this work we've removed maybe 1 out of 3 parties from the equation. And, personally, I trust the OS and browser vendors less than I trust my ISP!
Some progress is better than none, and it's still nice that my ISP can't tamper with my connection any more. Unfortunate, TLS also took away my ability to inspect my own traffic! This makes it more difficult for me to monitor what my OS and browser vendor are doing, and as I've said previously, I trust these parties comparatively less than my ISP.
> - We went from TLS certificates being unaffordable to hobbyists to TLS certificates being not only free, but trivial to automatically obtain.
Sure, but it's also trivial to just throw up a website on Github Pages, or forgo the website completely and use Instagram. TLS is "trivial" if you rely the infrastructure of a specific external party.
Please help me understand what I'm missing because I find this really frustrating!
This characterization in on the same level of sophistication as "the Internet is just a series of pipes". Every transit station has the opportunity to read or even tamper with the bytes on an unencrypted http connection. That's not just your ISP, it also includes the ISP's backbone provider, the backbone peering provider, your country's Internet Exchange, the Internet Exchange in the country of the website, the website's peering partner, and the website's hosting partner.
Some of those parties may be the same, and some parties I have not mentioned for brevity. To take just one example: there is only one direct link between Europe and South America. Most traffic between those continents goes via Amsterdam (NL) and New Jersey (US) to Barranquilla (CO), or via Sines (PT) to Fortaleza (BR). Or if the packets are feeling adventurous today, they might go through Italy, Singapore, California and Chile, with optional transit layovers in Saudi Arabia, Pakistan, Thailand or China.
Main point being: as a user, you have no control over the routing of your Internet traffic. The traffic also doesn't follow geographic rules, they follow peering cost. You can't even be sure that traffic between you and a website in your country stays inside that country.
In practice this means you have to consider the possibility that anyone on the entire internet can inspect your traffic. Traffic from your home in Seattle to Google's west coast data center? For all you know it could be going via Moscow.
Maybe a more relatable scenario for you - it was only a few years ago that you could turn cable modems into promiscuous mode to see ALL PLAIN TEXT TRAFFIC of the people living in your street!
So, if you you still think encryption isn't needed for the average person - what's your gmail username and password?