The entire behavior of the PKI regime seems like satire, but here we are. A massive amount of fragility introduced to the Internet to basically protect a few edge cases while not addressing any real practical attacks.
It's been six years, this author is still right, and now the idiots at the CA/B have decided to move the bomb to a 47-day timer for the whole Internet.
MITM of unencrypted HTTP was so common that it was outright a business model for many ISPs.
Anybody could look up a guide online on how to monitor who at their Starbucks was logging into Facebook or whatever. We were having to train a generation of humans to be afraid of public wifi.
You could tell many different stories for how we got from a world where people made their own web sites to one where people just post on Facebook, but the transition to https is part of that story.
My dude, before HTTPS, anyone could go to a Starbucks and skim every customer's Facebook session with a free Firefox extension. That's not an "edge case."
I even remember running some prank app on my Android that MITM-ed everyone's connections and started slowly removing letters from the website or replaced all the images with cat pictures. It worked super well. That could've been more than 10-15 years ago.
Things have improved significantly with HTTPS adoption.