from: http://rss.slashdot.org/ ~ r / Slashdot / slashdot / ~ 3/6exXg8gdel0/Are-Some-CAs-Too-Big-To-Fail:

Trailrunner7 wrote In the wake of revelations this weekend on the severity of the attack on the certificate of authority DigiNotar, security experts have renewed criticism of the infrastructure of the Internet’s digital certificate, with wondering if some certificate authorities (CAs) may be too big to fail. Is Mozilla and Microsoft and Google have canceled trust root certificates from VeriSign or Thawte, had they been compromised? Improbable. This n is not a simple matter to remove the certificates from a database because they are not at all bases, said Moxie Marlinspike researcher, who presented an alternative approach to existing infrastructure SSL DEFCON last month. We can never keep them all.