[technion]

A classic example is this[0] debacle, wherein a legitimate user struggles with all forms of difficulties because a CA took it upon themselves to police the certificates they issue.

Similarly, I bought a certificate from that same company and because it was for a well known brand I was made to jump through all sorts of verification hoops, despite being a DV certificate.

I won't link it here but I came across a stresser service quite literally selling DDoS tools, advertising that they accept bitcoins for anonymous attacks - who happen to have an EV certificate and give users a big green bar.

Does that make it a legitimate business? SSL vendors what you to think so.

[0] https://forums.comodo.com/ssl-certificate/comodo-rejects-pos...