However, in any case, there are already so many CAs, that I am wondering what is preventing governments of forcing one of them to provide a fake certificate that suits their needs for national security reasons...
What "stops" them (to the extent that anything stops a government that is ignoring their own laws) is that the agreements CAs sign with browser/OS makers don't have any provision for issuing fake certs just because a government requested it or compromised the key.
That means if anyone found evidence that a CA was issuing bogus certs (such as one of those certs), that CA would be revoked and bankruptcy would follow soon after. The fact that they were just obeying a court order wouldn't be considered relevant by the browser makers, especially if it's an obscure and little used one.
There are other forms of punishment beyond outright revocation. A CA owned by the French government did something bad at some point (I forgot what), and instead of total revocation they were name constrained to .fr
But basically, forcing CAs to co-operate with you against the contracts they've signed is a very limited strategy. Most governments outside the US government can only do it once or twice before there are no more CAs left in their jurisdiction. Not to mention the legal mess that would result from a company beyond forced to commit suicide to help an intercept operation.
ANSSI if I remember correctly, and one of their intermediate CAs issued an intermediate that was installed in a MITM device. They seems to be phasing out the root now BTW.
There's not much to protect against that. But looking for 'perfect' CA protection is hopeless. At least by eliminating the more untrustworthy CAs you can protect against some attacks.
Certificate Transparency does little to solve this problem. It doesn't stop MITM attacks. It might have a chance of helping a small number of companies that have the resources to monitor all logs, but that's after the attack and only if all relevant CAs are participating in the system. It gives ordinary users nothing and requires sysadmins to go to extreme lengths. Most websites are unlikely to benefit:
We've been working very hard on an alternative proposal that prevents MITM attacks called DNSChain, and we keep a running comparison of it with other proposals folks have made here:
I should have mentioned too that you have click on the "earth" title on the bottom left to interact with the configuration where resides all the fun. Not that easy to notice at first sight.
I know it is not new but it is the first time I stumble upon this so I wanted to share this awesome work.
A native implementation like the JPEG decoder would be fine. The bundled JS decoder implementation is elegant but not efficient on mobile platform (stalling here for seconds on iPad 3 / iOS 8 / chrome while JPEG ones are displayed instantaneously)
However, in any case, there are already so many CAs, that I am wondering what is preventing governments of forcing one of them to provide a fake certificate that suits their needs for national security reasons...