Browsers need to remove all CAs except Let's Encrypt.
CAs have proven again and again to be ridiculously insecure, and the problem is that there is no penalty for their mistakes.
So just remove them all, after a warning period: Let's Encrypt is enough.
Or if they want to stay in business and be trusted by browsers, then require them to put up at least $100k in cash in escrow for each certificate they sign, which is forfeit if there's evidence that any compromise of that specific certificate, due to their fault, has or may have happened, with at least half of the money being distributed to whoever provides the evidence first.
> Browsers need to remove all CAs except Let's Encrypt.
No. I love Let's Encrypt, but we can't put all our eggs in a single basket like that.
Now, if we could somehow foster multiple non-profit organizations like Let's Encrypt, but run under the aegis of different boards and sponsors, I'd be 100% for this idea.
It's very odd that companies for whom CAs business is quite literally a money printing operation can't be bothered to do the relatively minimal maintenance and care required for a trustworthy CA. A bizarre and unexpected failure of the market.
This market failure is neither bizarre nor unexpected. The CAs are like ratings agencies in the financial crisis: they are in the business of selling to one party (the website) a credential that they offer to a third party (the browser). Their incentives are aligned to make them sell certificates as cheaply as possible, and they are of course willing to trade off as much security as possible for convenience/cost, as long as they don't go over the lines defined by internet governing bodies and browser vendors. And when they're pushing those boundaries, every once in a while they're going to make a mistake.
The consumers are, partially, buying a product they can't see: The security operations of the vendor.
Given the consumer has imperfect information, it is exceptionally profitable for a supplier to just not invest in security. The downside being the risk of compromise.
A market set up this way entirely predicts low-cost suppliers. With no way for consumers to introspect security routines, two vendors will appear to simply differ in price. The outcome is rather obvious.
Security requires that ALL CAs be secure, since any compromised CA can compromise all websites (barring fragile schemes like pinning or certificate transparency checks), so the less CAs there are, the more secure the system is.
It's like a building that needs secure doors: it's better to invest in a single, massive, bulletproof, guarded door rather than inviting anyone who meets some standards to add a door to the building, since what matters is the weakest door.
The proper solution is to actually make sure the CAs are secure, it doesn't matter if there are 1 or many. Also more CAs mean that any problems are only localized to their certificates instead of the entire internet.
I'm not sure that's as good an idea as you think. Even LE has designed ACME to ideally be replicated elsewhere. The big problem with having only one CA is that if they get compromised or go down, that's the entire internet. For good reason, it's not like you can launch a CA in a day, so we will always need a few horses in this race. Culling the herd isn't a bad idea, but without some diversity any issue could be catastrophic.
The simple solution is to always require a certificate by Let's Encrypt, and allow the website to optionally present a second OV/EV certificate in addition to the Let's Encrypt DV certificate.
Although it's unlikely that's of any use, since unsophisticated users aren't going to differentiate, and sophisticated ones can use other means to verify identity.
CAs have proven again and again to be ridiculously insecure, and the problem is that there is no penalty for their mistakes.
So just remove them all, after a warning period: Let's Encrypt is enough.
Or if they want to stay in business and be trusted by browsers, then require them to put up at least $100k in cash in escrow for each certificate they sign, which is forfeit if there's evidence that any compromise of that specific certificate, due to their fault, has or may have happened, with at least half of the money being distributed to whoever provides the evidence first.