[wayfarer2s]

> valid certificate trusted by a fake CA

I don't think that's possible. A fake CA can't issue out valid certificates because you wouldn't trust their certs to begin with -- it's all about trust and if you know they are a fake CA, then you would never trust them or anything they issue. It's like if a known counterfeiter claims to be selling legit products, you probably wouldn't trust them.

[ashelmire]

A compromised, but legitimate CA is a vector of attack in this case. Any CA can be compromised by nation-states through legal coercion, and all of them probably have some vulnerabilities that have yet to be found. There are also new CAs that are not yet trusted, and sometimes old ones that are on their way to being delisted.

So you need an up-to-date list of trusted CAs (which most of us are relying on google for, in this case), which means trusting google at the very least (a company that compiles and sells your data, and is also based in a nation that issues secret warrants and orders to tech companies). It would be pretty surprising if this wasn't already a vector of attack being actively used (the fact that a trusted list needs to be maintained suggests that it is).

[PeterisP]

While there are ways to compromise CA's (e.g. like you say, by nation-states for their intelligence goals), it is important to think about the appropriate risk profile.

For a NatWest customer accessing their internetbank, the expected, quite frequently observed risk comes from organized phishing teams pulling off mass semi-automated scams. For an attacker that, getting a certificate signed by a fake CA is unrealistic, and the concerns that you list aren't going to change anything since they're not going to do that anyway. On the other hand, getting a misleading certificate signed by a real CA and passing it off as the real thing is entirely feasible by this type of attacker, so fixing that is important.

Nation-state hacking, censorship and advanced persistent threats aren't what's causing the most damage/problems to most people on the internet right now, the multitude of random criminals is the largest issue. If you have to worry about a CA "compromised by nation-states through legal coercion", then this by itself means that you have a very different risk profile than pretty much everyone else; and the risk-reducing activities that make sense for you shouldn't be expected to be relevant for others and vice versa.

[zAy0LfpBZLC8mAC]

Which is why certrificate transparency is coming, so those will be distrusted ASAP.