Originally published at Internet.com
By Kurt Seifried (seifried@securityportal.com) for SecurityPortal

There are hundreds of thousands of certificates floating around. The whole premise of certificates is that multiple parties trust a central certificate authority. This form of security and verification is not without issues.
For a while now I've been writing articles about SSL. I've outlined various problems, and explained why SSL in general is a poor solution that should be improved (before we start doing things like online voting - yikes). The whole premise of certificates is that multiple parties trust a central certificate authority (CA), so that when Alice wants to talk to Bob they can verify each other's certificates through the CA - in theory proving they are actually talking to the person they claim to be.
This CA has a very important job, especially so with the use of X.509 certificates (currently the most common for SSL, smartcards and so on). Unlike PGP or GnuPG, for example, where you can have multiple entities sign a certificate (such as your mother, your boss, the post office, etc.), with X.509 you are limited to a single signer. Because an X.509 certificate can only be signed by one entity, you ultimately have to place all your trust in that signing entity...
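To make the single-signer point concrete, here is an added example (mine, not from the original article) using Go's standard crypto/x509 package: it builds a constructed root CA, has that CA issue an end-entity certificate, and shows that the certificate validates only when that one issuer is in the trust store. All names and keys are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert builds a certificate for cn. With parent == nil it is a self-signed CA;
// otherwise parent/parentKey act as the single issuer that X.509 allows.
// Every name and key here is constructed test data, not a real identity.
func mkCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 keygen from rand.Reader does not fail in practice
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	signer, signKey := parent, parentKey
	if parent == nil { // self-signed root: the CA vouches for itself
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		signer, signKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so parsing cannot fail
	return cert, key
}

// trustedBy reports whether leaf chains to root when root is the only trusted CA.
// A certificate carries exactly one Issuer and one signature, so replacing the
// trusted root with any other CA is enough to make validation fail.
func trustedBy(leaf, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}
```

The PGP contrast is the part this cannot show: an OpenPGP key can carry many third-party signatures, whereas here there is nowhere in the certificate to record a second signer.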