How can I trust a CA that fraudulently issued certificates that it is not responsible for?
I think you don't need a certificate for a transport-encrypted connection. But if I already pay for a certificate, then it should also be a trustworthy one. The next question would be whether my provider would accept a certificate with a bad reputation or just reject it like a self-signed certificate. The answer to this question doesn't matter to me because I am blacklisted behind a DSL connection. As I wrote earlier, I prefer Stunnel for the secure connection to my provider's smart host. Simply because I miss some configuration options in Mercury (blocking older/insecure ciphers etc) and without documentation... This is my personal opinion. Maybe some thoughts are not fully considered yet.