Re: unless scammers also get EV certificates
Why don't you enlighten us a little then? Let's take a prime example, the Reg's own SSL certificate for instance, issued by none other than CloudFlare. When viewing the certificate in Firefox, the field "issued to Organization (O)" says Cloudflare and "Common Name (CN)" is theregister.co.uk. Where can a user check "for whom" the certificate has been issued? How can you tell if this actually be a stand-up pillar of journalism or a wretched hive of scum and villainy? (on second thought, never mind...)