Comment 99 for bug 310999

While I agree with your sentiment (and don't particularly like the way this was handled – if the issuance issue was fixed then what's with the secrecy?), I think the underlying problem is going to require a more drastic solution than playing whack-a-mole with CAs. The TOR blog post references a few interesting Internet-Drafts which will hopefully make some progress in Prague next week but in the mean time we face a tradeoff between greater availability (and therefore deeper penetration) of SSL and dodgy certs... I'm not sure what the best solution is (and am perhaps more concerned about government interference with CAs than technical issues).