Comment Re:Good. +1 for Google. (Score 2) 176
I was under the impression that the CA only gets used for verification *if* the site's cert claims to be from that CA.
How often do you stop and look at which CA signed the certificate for the HTTPS site you're using?
As long as the certificate is signed by a CA certificate the browser has in its CA store, the browser won't show any warnings. Browser makers are also notoriously bad at checking if certificates are on Certificate Revocation Lists (CRLs), of which each CA has (at least?) one.