So do you trust that Comodo (or any one of the other 180 or so CAs your browser trusts) will not issue a certificate for your bank to the wrong person, after reading this bug report?
I mean, obviously my dream solution where my bank hands me a USB stick with their public key on it when I open an account isn't really feasible, but this bug report makes me wonder what value PKI is really adding.
If that happens (and there are a fair number of pieces that had to fall into place for this attack to work) it puts us back to where it would be if we had no CA. So, do I have absolute confidence? No. But I think the risk is significantly reduced.