The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires.eff.org
Completely agree. Especially the cost, since most certificates are automated end-to-end, are in fact nothing more than a few bits and bytes that require no further follow-up, and are stilled charged at 150$ and more per year.
The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds.
First thoughts: great in theory, disaster in practice? It's still based on CA's that need to be "trusted". I thought we were getting passed this?