A non-profit organisation has brought together a team of experts to tackle SSL governance and implementation issues and promote best practice. The Trustworthy Internet Movement (TIM) is convening a task force that includes Taher Elgamal, one of the creators of the SSL protocol; Moxie Marlinspike, creator of Convergence; Ivan …
"It has set itself the tough task of fixing both the SSL and Certificate Authority (CA) ecosystems."
It certainly does - I thought it was blindingly clear to everyone by now that the "CA ecosystem" simply does not work. The fundamental basis of it is too easy to get wrong and/or break.
don't entirely agree
CA's are vulnerable like any other entity. What we need are stronger punishments for CA's that flout the rules deliberately and the removal of any SSL scheme that doesn't involve real identity verification. There is really no reason why all SSL certs for websites are not required to go through the EV process before issuing.