The Security of SSL
EFF reports on the security of SSL:
The most interesting entry in that table is the “CA compromise” one, because those are incidents that could affect any or every secure web or email server on the Internet. In at least 248 cases, a CA chose to indicate that it had been compromised as a reason for revoking a cert. Such statements have been issued by 15 distinct CA organizations.
Toby Speight • October 27, 2011 7:33 AM
I’ve never really understood the SSL model that requires only a single chain of trust. Accepting only certificates that are signed by, say, at least two CAs (more like PGP’s model) would at least give affected parties a window of time to recover from a compromise. An adversary who could take out multiple CAs at once could exist, but it would certainly increase the difficulty. And as for web browsers that unquestioningly trust hundreds of CAs as sole authority for a certificate, well, that beggars belief entirely.
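The "at least two CAs" acceptance rule from the comment above, sketched as an added example (not code from the post, the EFF report, or the commenter). An X.509 certificate carries a single issuer signature, so the sketch assumes detached Ed25519 endorsements over the certificate's SHA-256 fingerprint; the `Endorsement` type, the CA names and the certificate bytes are all hypothetical and constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Endorsement is a hypothetical detached signature by one CA over a cert fingerprint.
type Endorsement struct {
	CA  string
	Sig []byte
}

// Accept reports whether at least k distinct trusted CAs validly endorsed cert.
// Unknown CAs, bad signatures and repeated endorsements by one CA do not count.
func Accept(cert []byte, ends []Endorsement, trusted map[string]ed25519.PublicKey, k int) bool {
	fp := sha256.Sum256(cert)
	seen := map[string]bool{}
	for _, e := range ends {
		pub, ok := trusted[e.CA]
		if ok && !seen[e.CA] && ed25519.Verify(pub, fp[:], e.Sig) {
			seen[e.CA] = true
		}
	}
	return len(seen) >= k
}

// Demo builds three constructed CAs and evaluates the k=2 policy for a properly
// endorsed cert, a cert signed by one CA only, and one CA endorsing twice.
func Demo() (honest, oneCA, dup bool) {
	trusted := map[string]ed25519.PublicKey{}
	priv := map[string]ed25519.PrivateKey{}
	for _, name := range []string{"CA-A", "CA-B", "CA-C"} {
		pub, sk, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		trusted[name], priv[name] = pub, sk
	}
	sign := func(ca string, cert []byte) Endorsement {
		fp := sha256.Sum256(cert)
		return Endorsement{ca, ed25519.Sign(priv[ca], fp[:])}
	}
	good := []byte("constructed cert: example.test, key K1")
	rogue := []byte("constructed cert: example.test, key K2")
	honest = Accept(good, []Endorsement{sign("CA-A", good), sign("CA-B", good)}, trusted, 2)
	oneCA = Accept(rogue, []Endorsement{sign("CA-C", rogue)}, trusted, 2)
	dup = Accept(rogue, []Endorsement{sign("CA-C", rogue), sign("CA-C", rogue)}, trusted, 2)
	return
}

func main() { fmt.Println(Demo()) }
```

The check counts distinct CA names rather than signatures, so a single compromised CA cannot meet the threshold by endorsing the same certificate twice.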