Reply to post: Why?

Let's Encrypt gets automation

tom dial Silver badge


Why should I trust a certificate from Let's Encrypt more than I do one from any of the other authorities that come with my browser? I do so because I must trust some of them in order to engage in commercial transactions on the internet, and without a good deal of labor cannot determine from which of them I might choose to remove trust without disrupting that. In trusting them I am, in fact, trusting whoever packaged the in-use browser, whether Google, Mozilla, or some other, whom I have no real reason to trust. A quick examination shows that the first few in this browser expired earlier this year, and the next few were issued long enough in the past that I doubt their key length despite the fact they are marked for expiration more than 20 years in the future. Over the last few years, I have had to remove trust from some when they were compromised and fake certificates were issued using their signatures. The whole arrangement strikes me as shaky, and it is not obvious that adding a new CA will bring a large, or even measurable, improvement.

