The security industry has no shortage of hard problems to solve, but the one that s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The proposal contemplates three different scenarios that could occur if a. CAs issue their own certificates for domains they don t own, either by mistake or through a compromise. If a bad. certificate doesn’t appear in a public log and none of the logs colludes with the. CA, then the client will reject the. certificate.
Source: https://threatpost.com/google-researchers-propose-new-plan-shore-ca-system-112911/75936/