It depends. If the ACME client is configured to only use Let’s Encrypt, then the answer is yes. But the client could fall-back to Google’s CA, ZeroSSL, etc. And then there is no single point of failure.
ZeroSSL/HID Global seems to be quite multi-national though, and it’s owned by a Swedish company (Assa Abloy).
I don’t know what what kind of mitigations these orgs have in place if the shit really hits the fan in the US. It’s an interesting question for sure.
The US has strong institutions which prevent the President or Government at large controlling these on a whim. If those institutions fail then they could all push out an update which removes all "top of chain" trusted certificate authorities other than ones approved by the US government.
In that situation the internet is basically finished as it stands now, and the OSes would be non-trustworthy anyway.
Fixing the SSL problems is the easy part, the free world would push its own root certificate out -- which people would have to manually install from a trusted source, but that's nothing compared to the real problem.
Sure, Ubuntu, Suse etc aren't based in the US, but the number of phones without a US based OS is basically zero, you'd have to start from scratch with a forked version of android which likely has NSA approved backdoors in it anyway. Non-linux based machines would also need to be wiped.
Absolutely not.
If the president attempted to force a US-based CA to do something bad they don't want to do, they would sue the government. So far, this administration loses 80% of the lawsuits brought against it.
And that's before more overt issues. Microsoft/Google/etc could sue to stop the US ordering them to do what they should. Is the CEO really willing to risk their life to do that? Be a terrible shame if their kids got caught up in a traffic accident.
I don't have a lot of trust in US institutions actually. The most powerful universities, corporations and law firms have capitulated to him.
So far, the tech companies have placated Trump by contributing to his causes and heaping praise upon him and not speaking out regarding the tariffs. That's enough for now.
> Is the CEO really willing to risk their life to do that?
We're not at that point; at least not so far. Besides, it's much easier to blackmail them for more money or for the Department of Justice to open an investigation or to stop a merger they want to do.
Also these companies aren't just sitting around doing nothing. Apple reworked their supply chain; all iPhones sold in the US are now made in India.
You could argue that The Don in charge of the US is in control of letsencrypt
