I would highly recommend that all of the official Cardano sites gets an EV cert. Also here thinking about the Daedalus wallet site and downloads. I know that EV certs. is not a fix all phishing problems. But it at least will raise the bar a bit since its trivial to get a normal TLS/SSL certs.
The way that CF/IOHK have created domains and spread their information around among them is pretty amateur. One would think all the info would be at cardano.org but nope, the roadmap is at cardanoroadmap.com. Documentation? cardanodocs.com. Unless you’re visiting cardano.org and navigating over to one of these other sites, you don’t know for sure whether one of these other domains is legit.
In the early days it was enough to give me pause – if they can’t anticipate this as a problem, what else can’t they anticipate? I’m more confident now but this is just sloppy.
I agree 100% with @bbhart on this. Spreading the official information across so many domains is so confusing and it doesn’t build trust. It’s almost like each domain name represents a different IOHK sub-contractor working on specific deliverables.
Why not put everything on cardano.org and then sub-domain it: docs, forum, roadmap, etc.