There has already been a lot written about the compromise at DigiNotar, GlobalSign, and Comodo. One day we will look at the summer of 2011 as the time when the PKI collapsed. That’s not hyperbole. The problems with Certificate Authorities and the inherent weakness they present have been known for years. A fact we alluded to as far back as 1997. Browsers accept certificates as trusted in that they have the signing CA certificate in their local browser store. Browsers do not check that a particular CA is authorized to actually issue a particular server certificate. The trust is universal. That is why the attacks on DigiNotar, GlobalSign, and Comodo are so serious and have global impact.
Network Computing