[email protected] wrote:
I know about Let's Encrypt and I believe it's a great idea. But helping people switch from HTTP to HTTPS is one thing and forcing people to switch is another.
Censorious world governments, Comcast, AT&T, and other organizations are forcing this switch when you consider this from the perspective of data integrity and authentication. Those organizations are inspecting what people upload and download, and/or injecting data into webpages users receive en route. The Mozilla FAQ[1] was quite clear about this:
[...]as long as your site is not secure, it can be used as a weapon against your users and against other web sites. More nonĀsecure sites means more risk for the overall Web.
One should place blame where it belongs, not with efforts making changes that should have been made long ago.
[1] https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf specifically "But there's nothing secret on my site! Why should I bother with encryption?".
