Interesting reading: Google Hit Again by Unauthorized SSL/TLS Certificates - eSecurity Planet
It looks like the CA model in SSL/TLS is really broken. A CA should be someone we can trust, but it looks like we can't. HTTP public key pinning is gaining more and more importance. In my humble opinion such CAs should be automatically blocked forever, like DigiNotar in the past. You know the logic: if you break the trust, you are out of business. And additionally: all the costs customers have regarding this certificate revocation (like the cost of new certificates from a new CA) should immediately become costs of the CA that broke the trust. Your opinion?
In my humble opinion we should start thinking that web sites not using HTTP public key pinning should not get an A grade in the SSLLabs.com test. Your opinion?