Hacker News
by hd4 2970 days ago
>“In response to a court order against Sci-Hub, Comodo CA has revoked four certificates for the site”

I think they have more pressing concerns than ethics and morals. I'm not saying I agree btw. I think it's precisely moves like this that will undermine the concept of security certificates entirely, to the point where no one will concern themselves with a site having a legit CA certificate or not. Similar to how cryptocurrency is undermining our precepts of fiat currency. People will start to feel at some point that it matters more that there is a secure channel to the site they're using than the certificate authority who tells you whether that site is legit.

2 comments

But without a CA, the current SSL system (which I agree sucks) does not actually offer much security: your "secure channel" can be trivially man-in-the-middle'd.
I thought we were all using TLS...
How do you know there is a secure channel to the site? If the certificate doesn’t have to be CA signed, I can produce a certificate for google.com.
That's the point I was making: we won't know. We'll have to come up with a way of dealing without a central authority, because the people who want to be our current central authorities are starting to show signs of being compromised.

Also yes you could produce a certificate for google.com by trying to MITM between me and my ISP, but if you managed to do that, I think I'd have bigger problems to worry about than getting to the real google.com.