So this video explains how https works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.
I’m somewhat skeptical. What if LetsEncrypt decided to misbehave tomorrow? Would the browsers have the guts to shut it down and break all sites using it?
Yes, they will. We’ve seen it before in mostly less serious cases: Diginotar, Türktrust, Symantec, etc. As brittle as the CA system can be, when there is real enough trouble, CAs do get revoked.
Not the browser companies. The parent CA would revoke Let’s Encrypt’s certs and publish that revocation in the certificate revocation list. When the browser (software, running on your system) downloads the new CRL, they will automatically stop trusting LE.