1565678553
π·οΈ news
Good, as it's been a joke the entire time. The crypto's all the same regardless, and it's not like I know who and trust the guys at whatever CA issues them, so the argument that it is a "web of trust" is mostly hokum. This is further evidenced by years and years of mis-issuance. Only DNSSEC can square the circle of "this cert actually is the one for this website", but even then DNS is subject to being spoofed & thugged out by government or similarly empowered entities.
Considering how easy it is to get a DV cert these days, the broswer vendors may as well just allow self-signed again.