
It's not worse; it's just exactly the same broken model, now for no money and being pushed on everyone.

All this because a couple of theorists in the 1990s decided that security requires authenticity, despite decades of research to the contrary.

There are all kinds of ways to establish authenticity of counterparties. Entire books are written about that. There are much better ways than our current CA model. But we don't need any of them to have passively secure transport, over which we can then negotiate authenticity.

This is arranging deck chairs on the Hindenburg. It's nice that people will (once they finally get around to issuing certs "in mid-2015") be able to have zero-cost certs, but it doesn't change the fundamental broken-ness and wrong-headedness of having CAs in the first place.




Who claims that you can't have a passively secured transport without authentication? I mean, SSL/TLS itself uses DH key exchange, which can be used for that purpose.

The problem is having secured transport against active attacks as well, and without forcing the user to know anything about the site besides its domain.
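The passive-versus-active distinction raised in the comment above, as an added example that is not part of the original thread: an unauthenticated Diffie-Hellman exchange keeps a passive observer out, but the client cannot tell a substituted public value from the real one unless it has something to check it against. The toy group, the pinned fingerprint (a stand-in for any authentication mechanism) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters (assumption, for illustration only): 2**127 - 1 is prime but
# far too small for real use; real TLS uses standardized groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def run_exchange(active_interposer, client_pins_server):
    """Hypothetical helper: returns 'private', 'intercepted' or 'rejected'."""
    server_priv, server_pub = keypair()
    client_priv, client_pub = keypair()
    # Stand-in for any authentication step: a fingerprint learned out of band.
    pinned = fingerprint(server_pub) if client_pins_server else None

    if active_interposer:
        # An on-path party answers with its own public value instead.
        mid_priv, mid_pub = keypair()
        seen_by_client, seen_by_server = mid_pub, mid_pub
    else:
        # A passive observer only sees both public values go by unchanged.
        mid_priv = None
        seen_by_client, seen_by_server = server_pub, client_pub

    if pinned is not None and fingerprint(seen_by_client) != pinned:
        return "rejected"  # substitution detected before any data is sent

    client_key = session_key(client_priv, seen_by_client)
    server_key = session_key(server_priv, seen_by_server)
    if mid_priv is not None and session_key(mid_priv, client_pub) == client_key:
        return "intercepted"  # client shares its key with the wrong party
    return "private" if client_key == server_key else "failed"

if __name__ == "__main__":
    for active in (False, True):
        for pins in (False, True):
            print(f"active={active} pinned={pins}: {run_exchange(active, pins)}")
```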


The problem, which I've stated, is not that Let's Encrypt is doing something bad. It's that they have zero economic incentive to protect their brand when a subpoena comes for their private key. If you think this doesn't matter, I honestly recommend studying economics. I'm not being sarcastic at all. In fact, https://en.wikipedia.org/wiki/Economics_of_security, albeit short, is a great place to start.



