Sorry, man… if you don’t have an SSL cert your site will be pushed down in SE results by Google. That is the main reason people are obtaining them. My point in writing is to try and get folks in tech to think like folks outside of tech… The business people look at their website and see either a branding tool, a lead gen tool, or both… So if SSL is required to keep their site visible by way of search rankings… they are going to obtain it. And if they see “free” and “automatic” they are going to go that route… so now everyone is piling into a single CA.
The cross signing of intermediates by IndenTrust mitigates this risk somewhat, but also supports my main thesis.
Stop with the group-think… Get out of the crowded perspective and find another perspective from which to look at encryption, and you might see things differently. Encryption is only as trust-worth as the key management system out from which the certs are issued.
People should be worried about LE. The danger of the idea that cybersecurity can be pawned off to something in a “fire and forget” manner is exactly why I wrote this essay.