Re: Compromised CA
I don't think so. They would only have to compromise ONE and then block the rest. Still quite possible. And I don't know of a way around this kind of system. DNS basically relies on Trent to work, and Trent can be replaced or subverted.