NYT 4/6/11 Attack on 3rd Party Web Certificate Issuer

The vulnerability of current browser authentication was highlighted with the hacking of Comodo, an Internet security company (which controls over 95K certificates), making it "too big to fail", e.g. impractical to rescind its authority to issue certificates.

The issue of weaknesses in the "chain of trust" of web certificate issuers stem from the development of certificates in the early 1990s environment which did not yet foresee the need for website authentication.

For a detailed discussion of why browser revocation does not work see the 3/22/11 TOR article.

A solution, DNS-based authentication of named entities, is under current discussion.

http://www.nytimes.com/2011/04/07/technology/07hack.html