TLS Everywhere

I'm very concerned about the move to "TLS Everywhere". Not because I am
opposed to TLS security, but because of how TLS is currently
implemented in major browsers.

The Internet is supposed to be open for all. And historically, it has
been. Anyone can create a website and post it online, and there aren't
any gatekeepers.

The problem with TLS, however, is that all major browsers will block
your website unless you have a certificate signed by one of a small
handful of "Chosen Few" Certificate Authorities that are hard-coded
into the browser.

This effectively means that in order to add TLS to your website, you
need permission from a very small handful of approved people.

This makes the TLS/HTTP2 Internet almost like an app store. You can't
run an app on an iPhone without Apple's permission, and you won't be
able to have a website that isn't blocked, unless you get a signature
from Verisign, Comodo, or "Let's Encrypt".

Let's Encrypt doesn't solve this problem. It's free to put an app in
the Apple app store, too.

It's the permissions, or the gate-keeping, that is the issue.

In order for the Internet to remain free and open, we need a system
where websites can use TLS security, and have their pages load in all
major browsers, **without** needing any permission from a TLS
Gatekeeper.

In short, the current TLS system, as implemented, is a backdoor to
Internet censorship. We need to come together and find a better way.






