[smoyer]

Betteridge's Law says "No" ... and given certificates are generated locally, I don't see how the certificates themselves could be compromised. The trust in a certificate (or trust in a false certificate) could potentially be manipulated in by and upstream party.

[45ure]

The 'law' is more of an observation and generally applies to headlines. I feel you are being overly dismissive, as a question is being asked is in a dedicated section. There have been instances of CA's, most notably Symantec, which have turned out to be bad apples. There is a constant stream of news dispelling myths surrounding seemingly reputable firms regarding encryption/privacy. Whether these incidences are related or not, discussions like these need to be afforded a lot more leeway than most, and fleshed out, rather than being stifled.

[smoyer]

I'm not arguing against having the discussion ... my point is that trust in any certificate is reliant on its chain-of-trust and so if Let's Encrypt has this problem, you can't trust other certificates either. But the implication in the head-line is that the NSA/CIA are controlling Let's Encrypt. If that's true, then we've got a real problem ... on the other hand, I think other CAs have shown that, through incompetence or malice, they can't always be trusted either.

[JohnFen]

> if Let's Encrypt has this problem, you can't trust other certificates either.

To be perfectly honest, I don't really trust the other certs, either. I mean, I pretty much have to, and having a mainstream CA sign a cert does provide a bit of reassurance -- but only a bit. I don't really consider CA signing to mean that the cert is "trustworthy", because I don't really trust those CAs, so if they're the anchor for a chain of trust, then the chain of trust is weak.

[nullc]

HTTPS certs provide extraordinary limited security in any case, there is no need to single out lets encrypt.

If you can receive a http request destined to the target domain (e.g. via MITM near the real target, DNS hijacking, or route hijacking, or MITM near a CA) then you can get a cert issued for that domain by pretty much any popular CA.

With security so limited what would be the purpose of compromising lets encrypt?

[nullc]

Massive downvotes but no responses.

Is it because you accept that the security provided by HTTPS is limited but don't like people calling that out?

It's better than nothing. But it is my perspective that as technical experts any time we are not absolutely frank about the limitations of the current model against powerful MITM attackers we are behaving unethically.

There is absolutely no reason for any major state attacker to compromise letsencrypt. Beyond the weaknesses I enumerated above state actors have their own CAs which are accepted by browsers and pinning is effectively dead ( https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browse... ).

What exactly could a state actor hope to accomplish by compromising letsencrypt that they couldn't already do more easily and stealthily?