> the parent post is clearly about EV certs attempting to provide added trust/identity beyond what's needed for the privacy provided by TLS, and it's skeptical that that's happening.
The (great-grand)parent is probably not talking about EV certs, because then they'd be stupid. They say:
> We could've had a mostly encrypted Internet a long time ago if encryption and privacy were not hitched to a commercial identity certificate with crappy maintenance tools.
...which wouldn't make sense if it didn't include the basic DV certificates, because then those DV certs would be exactly the sort of quick&easy encryption-without-identity they're looking for.
They're complaining about encryption requiring a process that used to cost enough to discourage many people, even for DV certs. The situation has only really changed in the last two years or so with LE, and you can quite clearly see the impact of free certificates and a slightly better process on the rate of encryption.
I'm talking about the overall post (i.e. JoshTriplett's submission) there, not the parentmost comment by payne92. I read payne92's comment as dreaming about an alternate past where something like Let's Encrypt was available from the start because that was the original model of trust in TLS, not authorities saying "we will certify that you are who you say you are" but merely authorities saying "we will certify that someone who proved their control of that domain name recently, said that this was a valid public key for it."
Yeah, I think we're basically in agreement then. Although I'd note that Let's Encrypt's model is no different than the paid DV certificates that came before–they're just giving those away for free. You were always able to get such a certificate without proof of identity, for something around $100/y.
The (great-grand)parent is probably not talking about EV certs, because then they'd be stupid. They say:
> We could've had a mostly encrypted Internet a long time ago if encryption and privacy were not hitched to a commercial identity certificate with crappy maintenance tools.
...which wouldn't make sense if it didn't include the basic DV certificates, because then those DV certs would be exactly the sort of quick&easy encryption-without-identity they're looking for.
They're complaining about encryption requiring a process that used to cost enough to discourage many people, even for DV certs. The situation has only really changed in the last two years or so with LE, and you can quite clearly see the impact of free certificates and a slightly better process on the rate of encryption.