> Issuing a Google certificate is a good way to get your whole CA killed.

Surely what happened here is a good way to get your CA killed? The linked bug seems pretty bad.

tptacek 2 months ago | parent | next [-]

Less clear on that. Bugs happen. I'm not an expert on browser root policies.

	▲	thayne 2 months ago \| parent [-]
		From what I understand one of the factors is how often things like this happen, and how well they handle it when it does.

agwa 2 months ago | parent | prev [-]

Historically, singular domain validation bugs have not killed CAs.