Hi, phil I think we all agree that there are not 600 root CAs (just looking at the root store of your favorite OS or browser shows that), and the actual number of organizations is "only" several dozens. What both the EFF and this discussion are missing, is that the number of organizations running root CAs is not the biggest part of the problem. In addition to the root CAs, the big organizations have sub-CAs and RAs. I trust you remember that ComodoHacker did not actually hack Comodo. He hacked instantssl.it. And those researchers didn't trick Verisign into signing a sub-CA certificate using an MD5 collision, they did it to RapidSSL[1]. So how many InstantSSL.it and RapidSSLs are there? Don't they outnumber the root CAs? Are they subject to the same rules set by the CABF? NameConstraints are very rare on the web, so these Sub-CAs or RAs can issue a certificate for anything. Isn't that right? Yoav [1] Is it just my imagination, or do the names of CAs indicate that marketing believes that quickly getting the cert is the only thing that customers care about?