__MatrixMan__ | 5 days ago
HTTPS everywhere is a good start, it keeps the other plebs at the coffee shop out of your business. But it's still open to anyone with enough power to coerce a CA, which is the more concerning sort of adversary anyhow. So yes, HTTPS everywhere, but let's not stop there.
dannyw | 5 days ago
Yes, but we have widely deployed efforts like certificate transparency, and cert pinning. The first makes such attacks widely known events, browsers report by default, and it's provable. It’s very rare. The second allows apps to only trust specific certs or CAs, ignoring system root of trust. I just want to clarify HTTPS in practice is quite secure.