EFF Data Shows Four CAs Compromised Since June
The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The data that the EFF looked at was a summary of the reasons that specific certificates were revoked by CAs, as reported by the CAs themselves in CRLs. When a certificate is revoked, the CA specifies a reason for the action, and the EFF looked through the data collected in its SSL Observatory database and found that a scan of CRLs in June showed that 10 individual CAs reported that they were revoking 55 total certificates because of a CA compromise. Another scan in mid-October showed that 14 separate CAs had revoked 248 certificates because of a compromise.
