Remember the X.509 PKI? You know, the one that gave us
- "Oh wait, certificate revocation is basically all broken"
- The One Where That Dutch CA Issued A Fraudulent *.google.com Cert
and my all-time favorite:
- Honest Ahmed's Used Cars and Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
It's great, because it secures virtually all web traffic, and all you have to do is get a certificate from a certificate authority -- any one at all!
Don't be picky: there are literally hundreds in your trust bundle: