Hi
I hope you don’t mind and maybe talking me I need my tinfoil hat sorry but there’s a few things
Do you remember about a year ago, there were a massive DNS attack which no one could work out for what purpose. I suspected at the time it was for mim attack for future use
Also, ssl does encrypt end to end, but if details are taken from hosting server at time, or code used transferred to a bad site, then it offers no protection. You could say use ba-online.url and grab a let’s encrypt ssl for free, which would show padlock
Also, there is a new dns record called CAA, which if used, designates which SSL (CA) could provide the SSL, so you could lock the SSL to a single or multiple CA provider. This offers better ssl protection to customers if setup/used properly
As I said though, I do believe the big DNS attack was to place code into systems and then when ready, to divert data.
I’m off for my tinfoil now to make a hat sorry
Many thanks
John