Chris… I think you’ve missed a couple important points: First, if a blog site has no information needing protection I have said LE is perfectly fine. My objection is to representing to businesses that LE “secures” their website. It clearly does not.
Secondly, both for-profit and not-for-profit models have their strengths and weaknesses. For-profit models can incentivize cutting corners. Not-for-profit models can incentivize laziness. I sought to point out the weaknesses in the not-for-profit model. Again, LE is just as convenient for criminal intent as it is for legitimate intent.
My article explaining the value of Extended Validation (EV) certs is based on domain spoofing — an emerging challenge in cyber security.
Here’s a real-world example: My company (and I am not identifying it because I do not want to be accused of cheaply trying to attract marketing attention to it) is renewing its cert right now. We are in the process of validating the org for an EV cert. The original DV cert expired yesterday. So I temporarily fired off an LE cert to keep the site encrypted. LE is perfect for my needs right now — a transitional period of a week or so until the EV cert validation is complete.
Now, you might complain my headline is a bit sensational in that context. Fair criticism… But I think you’ll agree that if I wrote a “technically sound” article, no one would have read it. Instead, I opened myself to a heap of ridicule (on purpose) so we could have a substantive discussion on the difference between encryption and trust.