In our (small) organization, Slack has completely supplanted internal email. Sure, there are some channels for idle chit-chat that really don't need persistent history, but most private conversations and many technical-oriented channels need their full history.
Your use-case is not the only one.
The problem is an attacker does not need to control the domain. They just need to control packets to and from it.
If they control all packets to and from the domain for all users, then they effectively control the domain. If they only control packets to and from the domain for a small subset of users that does not include LetsEncrypt (an assumption of the security model, and why LE likely uses several distributed servers), then they cannot successfully obtain a certificate.
Also keep in mind what an LE certificate actual says: https://en.wikipedia.org/wiki/...
If the attacker controls the domain, then the certificate is valid.
You don't have to MITM LE's infrastructure. All that is needed is to MITM your victim's wire which may well include DNS traffic toward their (authoritative) DNS server.
This is one of the reasons I use a separate DNS provider.
Are you referring to a legitimate domain owners client or an attackers client?
I was referring to MITM attacks on the certification process itself.
For an attacker to initiate the process and successfully complete the validation, they would either need control of the server (or be able to impersonate it), or control of the authoritative DNS records. In either case, the certification is logged publicly by LE. In the former case, you point your DNS somewhere else and generate new certificates. In the latter case, the "attacker" actually does control the hostname*, so the certification is valid.
* The assumption here is that it would be difficult to MITM LE themselves when doing authoritative DNS lookups. Presumably LE uses distributed servers to make this very difficult, but I haven't looked into it.
The concern being if you are launching a man-in-the-middle attack and you are near the server side of the connection, then you could pass such a challenge as well. Sure, in the overwhelmingly more likely case that you are close to the client side, you can't do this sort of thing, but it is possible particularly for small domains for an attacker to be close to the server side.
Not quite -- the client generated a private-public key pair when it first contacted LE, communications between the client and LE are encrypted, and the client answering the challenge is required to sign a nonce provided by LE using their private key. The MITM near the server side of the connection does not have the private key, and so cannot read what the challenge value should be, and cannot sign the nonce.
This isn't about the basics of PKI it's the basics of establishing TRUST that's the heart of my question regarding LE.
The basis of any secure system is TRUST not alphabet soups of cryptographic jargon. It's asking the basic question "WHY SHOULD I TRUST YOU?" and receiving a reasonable, verifiable response.
Trust whom, the site owner? LE? Their CA? If you don't trust root CA, then you are SOL. Better unplug your computer. Otherwise, there's your trust chain: root CA vets LE to a level sufficient to grant them an issuing certificate, LE vets the site owner to a level sufficient to grant them a hostname certificate.
How does LE vet ownership to even assign certificates in the first place?
Ownership of what, the hostname? The client requesting the certificate has to satisfy a challenge, for example placing a file with specific contents at a specific location controlled by the hostname, or populating a specific DNS record with a specific value for that hostname's zone. If the client is able to satisfy those challenges, then it already has complete control over the hostname and the content it serves.
What makes this process secure and trustworthy? If there is no good answer to that question all the cryptography in the world means nothing.
If you aren't willing to engage in a discussion about public keys and cryptographic signatures, there's no way to answer this question for you. The cryptography is how the process is secured, and the public key nature (combined with satisfying the challenge above) is how the CA establishes trust.
The brain is a wonderful organ; it starts working the moment you get up in the morning, and does not stop until you get to work.