Nope, it's available :) $ whois didglennbeckrapeandmurderayounggirlin1991.com [Querying whois.verisign-grs.com] [whois.verisign-grs.com] Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net/ for detailed information. No match for domain "DIDGLENNBECKRAPEANDMURDERAYOUNGGIRLIN1991.COM". >>> Last update of whois database: Tue, 10 Nov 2009 16:15:08 UTC

Also, they have guns.

This seems to closely relate to the next story currently on the frontpage; Predicting Malicious Web Attacks

First of all, this story should probably link to the actual event site.

Secondly, the results have been available since 11/19/08. This is hardly news at this point.

"The weakest trusted CA in the world compromises the entire public key infrastructure."

That's a slight overstatement. It compromises the entire public key infrastructure for which that CA is the root of trust.

If you removed all MD5-enabled CAs from your trusted roots list, you remove the potential of being fooled by a forged cert. Certs issued by other CAs, unaffected by the brute-force MD5 collisons, remain as trustworthy as they ever were.

Granted, for most people the chain of trust ties back to the default CAs that ship with their browser, and if any of those CAs is vulnerable, your faith in any cert validated as 'trusted' by your browser goes down, and most people don't bother looking at what CA issued the cert so long as their browser deems it trustworthy, but it's a little more nuanced that 'compromises the entire PKI infrastructure.'

I suspect browser patches will be out soon, removing trust for affected CAs entirely, not trusting them past a certain date, or at least giving warnings when MD5 signature verification is found along the chain of trust.