We ended up with a situation that is still far better than using HTTP everywhere. Remember, IT security doesn't have to be absolute. What you do is largely dependent upon your threat model. Not everyone needs to be defended against three-letter agencies, but this is still probably good enough to defend against your local police department or a script kiddie.
> Remember, IT security doesn't have to be absolute.
The field of applied cryptography is absolutely reliant on near-physical unbreakability of its algorithms, or it doesn't work at all. (You need n times the lifetime of the universe to have a working brute force, and as much overwhelming mathematical proof of non-applicability of non-brute-force approaches as possible.)
And it was actually found to be extremely hard to make crypto algos which are only "slightly" unreliable. Either they are a complete mathematical iron wall, or their deemed weakness is too glaring to be hidden.
That's the wrong point. Key distribution is the weak point in many (most? any?) crypto systems (and analogously, SSL certs), and that's where you have a trade-off between super-high security (opengpg ring of trust) and decent security (Let's Encrypt).