by ignoramous 2308 days ago
Not that I expect Google to issue fake certs, but DigiNotar also doesn't command 80%+ browser marketshare to soften the blowback.

> Not that I expect Google to issue fake certs, but DigiNotar also doesn't command 80%+ browser marketshare to soften the blowback.

Not sure how that is relevant. DigiNotar was a trusted root CA in all major browsers. So if an attacker managed to get a fake certificate issued by DigiNotar, they could attack 100% of the users visiting the website for which the fake certificate was issued.

In fact, they did issue fake certificates by accident due to a security breach. As soon as the error was caught, their CA certificates were removed from all browsers. They went bankrupt! That's how serious this business of issuing certificates is.

It's relevant because Google isn't likely to remove _themselves_ from their browser, which is currently the most popular web browser on the planet.

For this reason alone, having a major browser dev as a CA is not a good idea, regardless of how much or little you trust Google.

Google is already a CA.

https://pki.google.com