[gruez]

>most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations

Source? If true they're grounds for ejection from root certificate programs of various OS/browsers.

[ksjskskskkk]

karpersky writes about then from time to time. since its not the CA key but some CA signed by those CA they just revoke that one and move on and nobody cares. last year (or the one before) they discussed this at length on the mozilla chats before the meeting