Danny O'Brien writes an interesting article in Slate entitled "The Internet's Secret Back Door: Web users in the United Arab Emirates have more to worry about than having just their BlackBerries cracked." It details how MitM attacks can be facilitated by any of a few hundred CA delegates. It discusses the CA company CyberTrust, which is the government-connected mobile company in the UAE.
A spirited discussion follows up on Schneier's blog.
The EFF also calls out Verizon on this issue, asserting that the Etisalat Certificate Authority threatens web security.
Behind the scenes, on mozilla.dev.security.policy the issue is discussed.
Now that the certificate cartel issue is becoming more and more widely known as a problem among the wider public, what will happen? Will outcries over specific CAs result in changes that do nothing to address the structural problem?