Is there anything that could be added to RP software to reliably
detect and thwart the use of a rogue CA certificate? Or would
any attempt to do that just cause too many problems?
Mike (who is writing "I am not a security expert" 100 times on
the chalkboard)