by wahsd 4261 days ago
My understanding is that CAs have been compromised for a while now. Does no one remember the RSA scandal and the NSA's manufactured hash collisions through deliberate injection of vulnerabilities into random number generators? I may be off a bit but I recall the revelations basically concluding the whole system was compromised at the fundamental level.
3 comments

Do you have any links or sources?

I too remember something like that, but was under the impression that CAs are still ok.

But of course, judging by the massive downvoting you've gotten, I suppose you're incorrect. I wish those downvoters would explain their viewpoint rather than downvoting...

You're thinking of https://en.wikipedia.org/wiki/Dual_EC_DRBG which wouldn't affect the secrecy of private keys.
There's no reason to go to so much trouble when plenty of common root CAs are using MD5 or even MD2 signatures.