by echoangle 563 days ago
How does knowing the issuer of the certificate tell you anything if any CA can make certificates for your bank domain? If the answer was "sure, we use GlobalSign", is that good or bad? If the Brazilian CA is malicious, they can still MITM you, right?

(Assuming certificate pinning doesn’t exist, which was the case 10 years ago and is true now, too)

1 comment

If my bank uses "GlobalSign" and my browser says "Brazilian CA", I know something is wrong. Granted, such a discrepancy would have been more noticeable back then since the lock icon had the issuer displayed next to it. Now I have to click the lock, then select a menu item to get that information. And, if I'm feeling particularly paranoid, it takes 5 clicks to review the certificate. (At least in Firefox.)

If the bank is unable to tell me which CA they use through a trusted channel, the only way I could tell if there is a problem is if the CA changes.
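The check the reply describes, as an added example that is not part of the thread: compare the issuer organisation the client actually sees against the one the bank published through a trusted channel, and, where no such reference exists, fall back to trust-on-first-use and flag any later change of issuer. Stdlib only. The hostname, the expected issuer string and both certificate dicts are constructed for the example (their shape mirrors what `ssl.SSLSocket.getpeercert()` returns); `fetch_peer_cert` does a real connection and is not exercised offline.

```python
"""Issuer-discrepancy check for a site's TLS certificate.

Added example, not code from the HN thread. Assumptions (mine): the bank's
expected issuer organisation is obtained out of band; absent that, the last
seen issuer is remembered per host and any change is reported.
"""
import json
import socket
import ssl
from pathlib import Path

# Constructed sample in getpeercert() form: what a browser would see when
# talking to the real site. Names are illustrative.
SAMPLE_CERT = {
    "subject": ((("commonName", "online.example-bank.test"),),),
    "issuer": (
        (("countryName", "BE"),),
        (("organizationName", "GlobalSign nv-sa"),),
        (("commonName", "GlobalSign RSA OV SSL CA 2018"),),
    ),
}

# Constructed sample for the interception case: same subject, different CA.
SAMPLE_MITM_CERT = {
    "subject": ((("commonName", "online.example-bank.test"),),),
    "issuer": (
        (("countryName", "BR"),),
        (("organizationName", "Example Brazilian CA"),),
        (("commonName", "Example Brazilian CA Intermediate 1"),),
    ),
}


def issuer_fields(cert):
    """Flatten the 'issuer' entry of a getpeercert() dict into {attr: value}.

    getpeercert() encodes the issuer as a tuple of RDNs, each RDN a tuple of
    (attribute, value) pairs; a single dict is easier to compare against.
    """
    fields = {}
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            fields[attr] = value
    return fields


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate of host as a getpeercert() dict.

    Uses the default verifying context, so a cert the local trust store
    rejects fails here before any issuer comparison. Network access required.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_issuer(host, cert, expected_org=None, store=None):
    """Judge the observed issuer. Returns (ok, message).

    expected_org: issuer organisationName the site owner told us to expect.
    store: dict host -> last-seen issuer org; updated on first sight
           (trust-on-first-use) and consulted afterwards.
    With neither reference there is nothing to compare against.
    """
    observed = issuer_fields(cert).get("organizationName", "<no organizationName>")

    if expected_org is not None:
        if observed == expected_org:
            return True, f"{host}: issuer {observed!r} matches expected"
        return False, f"{host}: issuer {observed!r} but expected {expected_org!r}"

    if store is not None:
        previous = store.get(host)
        if previous is None:
            store[host] = observed
            return True, f"{host}: first sight, remembering issuer {observed!r}"
        if previous == observed:
            return True, f"{host}: issuer {observed!r} unchanged"
        return False, f"{host}: issuer changed from {previous!r} to {observed!r}"

    return True, f"{host}: issuer {observed!r} (no reference to compare against)"


def load_store(path):
    """Read the per-host issuer memory from a JSON file (empty if absent)."""
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}


def save_store(path, store):
    """Persist the per-host issuer memory."""
    Path(path).write_text(json.dumps(store, indent=2, sort_keys=True))


if __name__ == "__main__":
    host = "online.example-bank.test"
    print(check_issuer(host, SAMPLE_CERT, expected_org="GlobalSign nv-sa")[1])
    print(check_issuer(host, SAMPLE_MITM_CERT, expected_org="GlobalSign nv-sa")[1])
    memory = {}
    print(check_issuer(host, SAMPLE_CERT, store=memory)[1])
    print(check_issuer(host, SAMPLE_MITM_CERT, store=memory)[1])
```

Two caveats worth keeping in mind. The issuer name is whatever the signing certificate's subject says, and a rogue root can mint an intermediate whose subject reads "GlobalSign nv-sa", so a name comparison only catches a careless interceptor; a pin on the issuing CA's public-key hash is the stronger check, but the stdlib `ssl` module does not hand back the verified chain on older Pythons, which is why this example stays with the name. And the trust-on-first-use fallback will also fire on legitimate events such as the bank switching CAs, so a change is a prompt to verify through the trusted channel, not proof of interception.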