Comodo declining to name the reseller
means that they themselves must be considered compromised. Worse is that private keys to other-CA signed signing certificates are also compromised. And they're not telling which there either.
Though users of ie and anything else that uses the windows certificate store aren't helped by knowing which certificates are compromised: Removing them yourself just results in the relevant micros~1 processes silently(!) adding them back(!) at the next store access or windows update. It's clearly not up to you who to trust, according to them.
The whole PKI is rife with this sort of silliness, and is why I don't think the whole thing does what it says on the tin. It's merely a way to expensively sell numbers that cause your domain name in the browser bar to turn gold or green or whatever the colour of the week is. And ultimately, that doesn't mean Joe Average User is supposed to understand what it means.
So what's the basic problem with SSL? Well, it's built for function. If it doesn't work, it doesn't work and blocks people from what they want to do, causing popups or errors-within-the-browser-window that mainly serve to annoy, not inform, the end user. CRLs work the same, but have opposite function. When that doesn't work, compromised certificates slip through. A rather insidious hole to abuse.
The exciting crypto part is reasonably well-tested though even things like side-channel attacks aren't to be ruled out. But certificate handling remains the boring, neglected part. It starts with hopelessly convoluted attributes and whatnot that make its encoding, chew toy ASN.1, look sane by comparison. Few people know what any of that even means, nevermind the variations by which various browsers interpret it all. CRLs? Don't work. Meaningful error messages? Say what? You're lucky the browser bar may or may not change colour. Clear paths to recover from compromise? Ha ha!
And the kicker? The very model. Pay some shady company like verisign an exorbitant sum to issue a certificate for a year --meaning compromise will last that long too, worst case-- that is supposed to protect you from, well, those they don't take money from. They're a commercial entitiy. Systemic safety built in right there.
That certificate issuing thing isn't special; just about any SSL implementation can do it. With openssl or mozilla's nss installed (that you get "free" with most mozilla's other software) you have the tools. But if you do you'll just get nagged at by your browser, by comparison unreasonably much nagged at.
The thing that makes CAs special is having a self-signed signing certificate stuffed in the world's certificate databases as "trusted". Go take a look in your browser's certificate store. How many of those "trusted" CAs would you trust? Have you any idea what sort of sites they issue certificates for? Or how they do it? Therefore, do you know what it means, what standards they applied? Have you made informed judgements on whether you wish to trust any of them? Provided you can, which in the case of the micros~1 store you plain can't; in other cases the process is so obscure only PKI geeks bother.
The CA structure behind SSL remains more accidents waiting to happen. I'm surprised it doesn't happen far more often. Then again, crypto nerd Appelbaum only noticed when he actively started to look. Appelbaum's page is quite interesting, and not just because of what he did: Notice how just finding out the compromises is something that has just about everyone not into that have their eyes thoroughly glaze over.
The elephant in the room, though, is the curious silence and covering of the root CA for the compromised RA (USERTRUST), and the large browsers doing exactly the same. Why?
They're commercial entities, so why not apply "free market" on this end, too? Probably because of (perceived) interests with other clients, or even interest in protecting this house of cards, excuse me, valuable security system. Perchance free market doesn't work so well for this. So perhaps we should stop paying CAs or their resellers so much. Maybe time for a different model, and do away with PKI and its associated commercial circus, no?