Apparently the cost of TLS these days is to subject yourself to whatever laws the countries of "free" TLS want to impose on you. That isn't very cheap.

I'd also love TOFU for TLS, at least on .local TLDs, but for publicly hosted websites, I've come around to the idea that maybe encryption without authentication would not help that much these days.

As for who does that authentication: Given all the suggestions in the sibling threads, I really don't think we're in a situation where there's a single entity gatekeeping access by any means.