
Yeah, but as you point out, SSL is only as safe as the public key infrastructure it runs on. Backwards compatibility is also an issue; afaik default setups below TLS 1.2 can be degraded to the point where it's only ~70-bit encryption, which can be broken by state actors.

I was told they have intermediate keys for certificate authorities (probably done legally with the CA's permission), and generate a new key signed with the real intermediate. This would be detectable, as the cert fingerprint would be different from the legit one; while SSH checks for this by default, SSL does not.

I have tried to detect the above and as far as I can tell they are not doing it, but I believe the people I heard more than I believe my ability to detect it.
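
The fingerprint check the comment describes can be applied to TLS in the same trust-on-first-use way SSH handles host keys. The sketch below is an added example, not part of the original comment; the store file name, the host name and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib
import json
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate (needs network; not used in the demo)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_pin(store: Path, host: str, der: bytes) -> str:
    """Return 'new', 'match' or 'MISMATCH' for host, SSH known_hosts style."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der)
    if host not in pins:
        pins[host] = seen  # trust on first use
        store.write_text(json.dumps(pins, indent=2))
        return "new"
    # A different fingerprint means a different certificate: either a
    # legitimate renewal or a substituted one. The pin is not overwritten,
    # so the change has to be reviewed by hand.
    return "match" if pins[host] == seen else "MISMATCH"


def demo(tmpdir: Path) -> list:
    # Constructed byte strings standing in for two DER certificates.
    legit = b"constructed-der-bytes-for-legit-cert"
    other = b"constructed-der-bytes-for-substituted-cert"
    store = tmpdir / "tls_known_hosts.json"  # hypothetical store file
    return [
        check_pin(store, "example.test", legit),
        check_pin(store, "example.test", legit),
        check_pin(store, "example.test", other),
    ]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(demo(Path(d)))
```

A pin only flags certificates that differ from the one seen first, so a substitution already in place at first contact is recorded as the baseline.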


