>In the current state of the world, we're all dependent on CA signatures for each connection we make to a website.
Now that you mentioned it, are those safe from say a government agency having access to the companies that serve as certificate authorities? Or is it all a house of cards, as it is now?
Some CAs make more of an effort to secure their crown jewels than others, but for the most part, it's a big house of cards.
Which is why nothing serious happens to Comodo and Verisign when they get hacked: anybody knowledgeable is already aware that a certificate means very little on its own, and we can't stop the internet anyway, so hey, life goes on.
Now that you mentioned it, are those safe from say a government agency having access to the companies that serve as certificate authorities? Or is it all a house of cards, as it is now?