by grey-area 3894 days ago
Probably just that we're being told who to trust, instead of deciding who to trust.
2 comments

I guess we could have some kind of web of trust system instead. But are there any web of trust systems that actually work in practice?
Allowing multisignature models would at least drop the single point of failure, by being able to require verification from multiple CAs. In combination with certificate transparency and DNSSEC+DANE it would add much stronger security.
So you trust yourself more than everyone behind Let's Encrypt, et al? Of course, you don't have to use Let's Encrypt so you do have a choice.
I think the criticism was meant as one of the CA model, not Let's Encrypt specifically - you have no choice about using CAs if you want to use HTTPS to serve a site to normal users. Also, I'm not the OP and think Let's Encrypt specifically is a great idea, already on the waiting list.