In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote:
There is a risk that any CA issued SSL certificate signed by _any_ CA
may be worthless some time in the future, if the CA chosen is later
found to have issued sufficient quantities fraudulent certificates,
and sufficiently failed in their duties.
One thing I'm not clear about is, are there any protocol or
implementation limitations that require only one CA?