Hi, Phil
I think we all agree that there are not 600 root CAs (just looking at the root
store of your favorite OS or browser shows that), and the actual number of
organizations is "only" several dozen.
What both the EFF and this discussion are missing is that the number of
organizations running root CAs is not the biggest part of the problem. In
addition to the root CAs, the big organizations have sub-CAs and RAs. I trust
you remember that ComodoHacker did not actually hack Comodo. He hacked
instantssl.it. And those researchers didn't trick Verisign into signing a
sub-CA certificate using an MD5 collision, they did it to RapidSSL[1].
So how many InstantSSL.its and RapidSSLs are there? Don't they outnumber the
root CAs? Are they subject to the same rules set by the CABF? NameConstraints
are very rare on the web, so these sub-CAs or RAs can issue a certificate for
anything. Isn't that right?
Yoav
[1] Is it just my imagination, or do the names of CAs indicate that marketing
believes that quickly getting the cert is the only thing that customers care
about?
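The NameConstraints point in the message above, as an added example that is not part of Yoav's mail or of any project discussed in the thread: a small Go program (standard library only) builds a toy root CA with two sub-CAs, one carrying no NameConstraints and one permitted only for example.it, issues a leaf from each, and runs ordinary chain validation against them. The CA names, hosts (www.example.com, www.example.it) and the two-level hierarchy are all constructed for the example. What it shows is the practical difference: the unconstrained sub-CA's certificate for a name it has no business with validates cleanly, while the constrained sub-CA's certificate for the same name is rejected with `CANotAuthorizedForThisName`. `HasNameConstraints` is the check a practitioner would run over the intermediates of a real chain to see how many of them actually carry the extension.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var serial int64

// newSerial hands out distinct positive serial numbers for this toy PKI.
func newSerial() *big.Int {
	serial++
	return big.NewInt(serial)
}

// tmpl returns a CA or end-entity certificate template valid for one day.
// All names here are constructed for the example.
func tmpl(cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: newSerial(),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn} // verifiers match SANs, not the CN
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue generates a fresh P-256 key for t and has signer (the parent's key)
// certify it; signer == nil makes t self-signed with its own new key.
func issue(t, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// HasNameConstraints reports whether a CA certificate carries any
// NameConstraints at all; a CA without them can certify any name.
func HasNameConstraints(c *x509.Certificate) bool {
	return len(c.PermittedDNSDomains) > 0 || len(c.ExcludedDNSDomains) > 0 ||
		len(c.PermittedIPRanges) > 0 || len(c.ExcludedIPRanges) > 0 ||
		len(c.PermittedEmailAddresses) > 0 || len(c.ExcludedEmailAddresses) > 0 ||
		len(c.PermittedURIDomains) > 0 || len(c.ExcludedURIDomains) > 0
}

// Verify validates leaf -> inter -> root for host; this is where Go's
// verifier enforces each CA's NameConstraints against the leaf's SANs.
func Verify(leaf, inter, root *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

// NotAuthorized is true only when err is specifically a NameConstraints violation.
func NotAuthorized(err error) bool {
	var cie x509.CertificateInvalidError
	return errors.As(err, &cie) && cie.Reason == x509.CANotAuthorizedForThisName
}

// Result records what chain validation said about each constructed leaf.
type Result struct {
	OpenHasNC, BoundHasNC    bool // does each sub-CA carry NameConstraints?
	OpenIssuesForeignName    bool // www.example.com under the unconstrained sub-CA validates
	BoundIssuesOwnName       bool // www.example.it under the constrained sub-CA validates
	BoundForeignNameRejected bool // www.example.com under the constrained sub-CA is rejected
}

// RunScenario builds one root, an unconstrained sub-CA and a sub-CA limited
// to example.it, issues leaves from each, and validates them.
func RunScenario() Result {
	rootTmpl := tmpl("Toy Root CA", true)
	root, rootKey := issue(rootTmpl, rootTmpl, nil)

	open, openKey := issue(tmpl("Toy Reseller Sub-CA, unconstrained", true), root, rootKey)

	boundTmpl := tmpl("Toy Reseller Sub-CA, limited to example.it", true)
	boundTmpl.PermittedDNSDomainsCritical = true
	boundTmpl.PermittedDNSDomains = []string{"example.it"} // example.it and its subdomains
	bound, boundKey := issue(boundTmpl, root, rootKey)

	comFromOpen, _ := issue(tmpl("www.example.com", false), open, openKey)
	itFromBound, _ := issue(tmpl("www.example.it", false), bound, boundKey)
	comFromBound, _ := issue(tmpl("www.example.com", false), bound, boundKey)

	return Result{
		OpenHasNC:                HasNameConstraints(open),
		BoundHasNC:               HasNameConstraints(bound),
		OpenIssuesForeignName:    Verify(comFromOpen, open, root, "www.example.com") == nil,
		BoundIssuesOwnName:       Verify(itFromBound, bound, root, "www.example.it") == nil,
		BoundForeignNameRejected: NotAuthorized(Verify(comFromBound, bound, root, "www.example.com")),
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

To apply the check to a real deployment, parse the intermediates of a captured chain with `x509.ParseCertificate` and feed them to `HasNameConstraints`; any sub-CA for which it returns false is, as far as the verifier is concerned, able to sign for any name its root can.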