[pgporada]

You're insinuating that the Let's Encrypt roots are compromised?

https://letsencrypt.org/repository/#isrg-legal-transparency-...

[pennomi]

No, but it’s a well-established fact that some CAs are run by governments, some of which are publicly trusted by browsers.

[tptacek]

The mainstream root stores all require Certificate Transparency now.