PKI is described as the backbone of internet security.
But it has one enormous weakness.
The entire system depends on trusting the Certificate Authorities.
If a CA is compromised, is corrupt, or makes a mistake, every certificate it issued becomes a potential threat.
Your browser trusts over 100 root CAs by default.
Do you know who all of them are?
Neither does most of the world.
Is this a problem worth worrying about? Comment your thoughts.