[geofft]

Well. The CA model is community trust. I am told all the time, often by news websites, that my government now trusts or distrusts some other government, that my employer now trusts or distrusts or is even part of some other company, etc. I don't know if I personally think that the embargoes on Cuba should be lifted, or my company's new vice president is qualified for the role, or (if I worked for VMware) Dell is a good employer, or my savings should now be held by Bank of America, or whatever. But that's how living and working in a community works.

If you have secrets that are too sensitive for community trust, there are other mechanisms, but they typically have trouble scaling very much beyond continuing a previous face-to-face relationship. For the question of whether, say, news.ycombinator.com is who they say they are, I don't care enough to take Caltrain down to YC's offices and check a fingerprint posted on the wall, if they had one. What I care is that, at scale, the certificate authorities I trust will do a good job of verifying identities and running secure systems.

And I am not an auditor or pen-tester of large companies, and even if I were, I wouldn't want to spend my spare time auditing and pen-testing all CAs just before I can use the internet. (Importantly, I am not an auditor of web browsers or SSL implementations either, and since I outsource my trust to my browser / SSL stack, it's not useful for me to be skeptical of the CAs unless I'm also skeptical of the code.)

Remember that the CA model is bare-minimum security. (Some of the CAs find money in telling you otherwise, but they're stretching the truth.) All it's providing is the security that, in a perfect world, you would have gotten all along from DNS and IP. If you need anything more than bare-minimum security, there are tons of options, ranging from the SSL-based (EV, HPKP) to the completely unrelated (PGP, Pond, etc.). But the world needs a good mechanism for the simplest security that could possibly work, and the CA system seems to have settled into that role.

[hellbanner]

CAs are CAs because they established themself. Personally I don't trust them because they are susceptible to MitM attacks & government intervention attacks.

Some Mesh Networks & protocols like the Tor Browser use an IP derived from a public key.. so you're absolutely sure that who you're talking to is who they say they are.

Why can't we have our cake (long distance electronic communications) and eat it too? (encryption & assuredness of identity)

Celebrating "trustedness" of LetsEncrypt only perpetuates the belief that CA is working fine.

EDIT: See below discussion by other posters