Let's be honest, without any mathematical/design/architectural
assumptions, about the current PKI practical context. One of the
weakest links of PKI is trust delegation to some sort of government-based
legislated system. As said, somewhere on this mailing list, CAs
are companies in those same
The way you position yourself in the network infrastructure is of
great importance when doing data collection.
Users of a given ISP may have rogue certificates while others in the
same country but another ISP may not. We as researchers need to
position ourselves at different network scopes in