On Wed, Jan 02, 2013 at 07:35:49PM -0500, William Herrin wrote:
> A "reputable" SSL signer would have to get outed just once issuing a government a resigning cert and they'd be kicked out of all the browsers. They'd be awfully easy to catch.

I believe Honest Achmed said it best: "In any case by the time he's issued enough certificates he'll be regarded as too big to fail by the browser vendors, so an expensive audit doesn't really matter." as well as "Achmed's business plan is to sell a sufficiently large number of certificates as quickly as possible in order to become too big to fail" and "Achmed guarantees that no certificate will be issued without payment having been received, as per the old latin proverb "nil certificati sine lucre"."

- Matt