Re: DV's only
That's correct. EV certs are dead, since Chrome and Safari stopped displaying them, because users ignored them.
The *only* thing that an SSL/TLS certificate assures you is that when you make a connection to xyz.com, you you are exchanging data with someone who controls the domain xyz.com - that is, the connection is not subject to DNS spoofing or active man-in-the-middle attack.
In particular, it does not tell you anything about whether xyz.com is a good or bad actor, e.g. if you enter your credit card details they will be used for evil purposes or not. And it never did.
Biting the hand that feeds IT
