And interesting development tonight: Based on what happened with DigiNotar recently (especially with the false certificates for *.google.com), the Dutch government decided to have an official statement and in there to take over operations of the CA. The official statement (in Dutch) can be found here.

The key problem is that the certs were used to spy on people by impersonating the Google website. This is a significant issue. I think the key problem is not “only” the certs, which are known to be fraudulent (and this is the context you have to put my earlier statements in) but the question is much more how many certs are fraudulent without us knowing.

I will keep you posted