Jacob Appelbaum’s blog post on the subject is really informative.
Also, revocation doesn’t work.
There are some Firefox extensions that do Web of Trust or Trust on First Use for SSL certificates; I’m curious as to how well those work and if they can be generalized to work across the whole OS.
And the EFF has the “SSL Observatory” mailing list that may have more interesting discussion.
Affected domains:
- login.live.com
- mail.google.com
- www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org