Bananas was reading this (not here) when the whole concept of paid TLS seemed like a make-work scheme.
For the record, the zoo has SSL, DNSSEC and other things, but our certs for TLS are the cheap ones (DV); we also have one Let's Encrypt doing something boring.
For OV and EV certs even the cert providers fail the validation test: Symantec has been issuing them without these checks. No, I am not making that up; these are supposed to be trustworthy. Oh well, as long as money is handed over the mafia do not really care.
I have no problem with TLS except the way it is procured and set up – for instance, how many sites with SSL/TLS have CAA records, or TLSA?
If you have TLS certs and have no fucking clue what a CAA is (not regulation of aircraft) then you're a problem here too.
So the SSL mafia has been complaining, and while I am OK with TLS 1.3 I do wonder if I will still need my zoo email to handle TLS 1.0 because some retard at our energy company has not even heard of TLS 1.2.
Other shit things the SSL mafia have come up with include HPKP, and the ideas continue with httpev: because https is, er, could mean anything apparently.
The link is an informative read about the perception of things and the desperation of the SSL mafia to differentiate and not follow their own rules while whining about things.
As the browser makers seem not inclined to do the extended bidding of the SSL mafia, and people think what they think, I am certainly not inclined to buy EV certs; for instance, how would the average smartphone user know that the EV-certified site they visited is genuine?
These are valid concerns, but the reaction of the SSL mafia is as usual screwed up. These goodfellas are great, are they not?