Amen to that! ...What "problem" are "we" trying to solve here?? MITM attacks...on what exactly?? It's publically available content ... So it would be an idiotic waste of effort to break into a stream of data that you could much easier just go read on your own. That's like encrypting all the billboards on the side of the highway so people have to get and be wearing very special - and very expensive - glasses to be able to read your advertisement messages. WTF is the point? ...Complexity for the sake of itself?? A placebo level of reassurance that people are then "protected" from an academic exorcise that nobody in their right mind is dumb enough to bother with?-Stoic Joker
The point in encrypting
everything is that encrypted traffic doesn't stand out - it's an act of solidarity. It makes dragnetting and mass-bruteforce-decryption harder.
Now, the whole CA system is
massively broken, so yeah, nation states and sufficiently funded rogue actors won't have trouble getting a cert so they can pose as you - that
can be detected client-side, though, by checking certificate fingerprints (and yes, it's problematic that certificates are usually generated by CAs - there's no guarantees they don't keep a copy of the private key part). But at least it's theoretically possible to guard against rogue certs, and I do use
Certificate Patrol myself. It generates a
lot of noise for regular web browsing, though.
Also, while it's easy enough for the big bad players to get an impersonating certificate, this will not allow them to decrypt
past communications.