Government Sites That Use Centralised CAs Are Still Remotely Controlled by MElon and GAFAM at the Oval Office
Even governments outside the US (or hostile towards the US; or suffering the wrath of the current administration for no good reason)
GAFAM works for them, it really does.
Earlier this month 'only' 91.4% of Gemini capsules were serving self-signed certificates [1, 2]. Things have improved since then, at least in Geminispace.
That's an improvement. We need to strive for 100% though.
It's not an overstatement; if you're using the CA cabal/cartel (few that only trust one another), then whatever service you have depending on them (not limited to Web sites) is at risk of being blocked, not only by unforeseen revocation, lacking both transparency and due process. That's a lot of power/leverage given to people who do nazi salutes as "pranks".
The technology stack we currently have isn't trustworthy; the people who ask us to trust them serve people who only serve themselves.
Many people who kept arguing for centralisation helped build the "infrastructure of terrorisation". Didn't see it coming, didn't want others to (fore)see that either.
This is your 'daddy', 'nanny', and 'boss' now.
Enjoy your 'security'...
After all, Let's Encrypt is "Free", right? "X" is also "Free". Pigs get "Free" food at the pen (before they become "pork").
Enjoy your pseudo-progress with pseudo-security; Dr. Andy Farnell commented on this kind of "Trust" fallacy only a couple of hours ago. █