TLS Increasingly Exists in Three Different Worlds
The first world is web TLS, which is dominated by browsers. This is the familiar world of public HTTPS, with public Certificate Authorities, requirements for certificate transparency, and so on. The browsers increasingly are calling the shots here and they’re pushing for things like short certificate lifetimes, aggressively moving away from old TLS versions, and so on.
[…]
The second is non-web public TLS, where TLS is used for protocols like IMAP, SMTP (with STARTTLS), and so on. This world still uses public CAs, but it has a lot more old clients and servers and is a lot slower to deprecate old TLS and SSL versions, move to shorter certificate lifetimes, and so on.
[…]
The third world is internal TLS, where TLS is used inside an organization or a service to encrypt connections and often to authenticate them (and sometimes it’s used between organizations).
Previously: