The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...
Oh, yes, sorry, I had a brainfart. Certs don't usually (or at all?) have more than one root cert.
I thought that was the goal. Not to make sure that the website is secure, but that the connection is secure, and that I've connected to the server that I expected.