by pedja 1290 days ago
The downside existed before Let's Encrypt; it just got amplified with it.

The general public does not differentiate between SSL certificate validation levels.

Let's Encrypt provides domain validation certificates, which only validate that one owns the domain in question.

There is another level - Organization Validation SSL certificates, which involve manual checking that this is the legal entity it claims to be. I would expect financial institutions to use this kind of certificate to avoid phishing, but sadly I've seen some of them use Let's Encrypt.

3 comments

Browsers don't differentiate between SSL certificate validation levels, because it has been shown that the higher validation levels aren't actually significantly more secure, so the distinction is pointless.
OV certs are pointless and that's why nobody uses them. Anyone can pay $30 to register a business with the same name in a different state.
I don't think this is an issue with LE or the implementation. Maybe we need different policies for such organizations, but this is for sure not an LE issue.