[g-b-r]

There's probably at most one person every ten millions who uses add-ons displaying each connection's certificate authority; and even them will likely not notice anything if it's only done to them occasionally (not to mention that absolutely no one checks the connections used to download third-party stuff, to my knowledge).

[Jensson]

Yes, because CA level attacks are basically nonexistent and not a very big deal since they require you to control the targets internet connection.

The moment people learn that the US government could control a CA and your internet provider to spy on you maybe that will change. But as is people think it is too much work for governments to bother with it.

[g-b-r]

> Yes, because CA level attacks are basically nonexistent and not a very big deal.

I'd call that bs, CA level attacks are very unlikely to be detected, so we know little about their prevalence.

(you edited your comment to add... that it requires you to control the targets internet connection?? And "the moment people learn that thenUS government could control (a CA) and your internet provider to spy on you maybe that will change With tls becoming ubiquitous they're now indispensable

[g-b-r]

ops I guess I destroyed my comment by mistake, and I can't edit it anymore...

It originally was

* I'd call that bs, CA level attacks are very unlikely to be detected, so we know little about their prevalence.

With tls becoming ubiquitous they're now indispensable*