For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.
Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates
We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for MyBank.com?
alias tm='tmux att || tmux'
Then one day I started to think about Google Car and I realized that the "killer app" for Google Car isn't as a car, it's as a truck. I agree it won't happen overnight, but it will happen. According to the U.S. Bureau of Labor Statistics, there are almost 800,000 big rig truck drivers at $40,000/yr in the US. (2012 data) Another 40,000 drive delivery trucks. Politics are the only thing that will save it. It's too large a cohort of workers. I look at the the NAFTA provisions for Mexican drivers to operate in the US that haven't been implemented as evidence that Congress will discourage their adoption. Also, what congressman wants to be on record of approving "Big Scary Robot Trucks" that accidentally drove over the Smith Family minivan killing both parents and Baby Smith too.