Quote:
Originally Posted by LiquidAcid
No security is better than the false sense of security, which is deceiving and dangerous.
|
This is a patently and dangerously false statement. Let's Encrypt is little more than basic level certification without identification, something that was already possible with self signing before which has been a major hassle since all browsers either make it impossible or hard to add exceptions. The actual security between client and server is fully up to the crypts supported by the client and server, Let's Encrypt is in no way involved anymore at that point.
If you want to talk about false sense of security you should rather look at root cert authority
Symantec/VeriSign buying BlueCoat, a company allegedly involved in creating and selling spyware to oppressive countries. Any root cert authority included in your system has the ability to create faked certs for any site, allowing them to hide man in the middle attacks that otherwise would generate certificate errors.