They quickly realized the problems that you describe. In Nov 2011, the Certificate Transparency project by Google had its initial commit: https://github.com/google/certificate-transparency/commit/6a...
In Chrome they have since enforced CT compliance for certificates: https://groups.google.com/a/chromium.org/forum/#!msg/ct-poli...
CT requires that each certificate issued needs to be contained in both a Google log and a non-Google log: https://github.com/chromium/ct-policy/blob/master/ct_policy....
This means that fradulently issued certificates either won't work, or will be contained in public logs run by Google (or Google needs to be forced by authorities as well).
They quickly realized the problems that you describe. In Nov 2011, the Certificate Transparency project by Google had its initial commit: https://github.com/google/certificate-transparency/commit/6a...
In Chrome they have since enforced CT compliance for certificates: https://groups.google.com/a/chromium.org/forum/#!msg/ct-poli...
CT requires that each certificate issued needs to be contained in both a Google log and a non-Google log: https://github.com/chromium/ct-policy/blob/master/ct_policy....
This means that fradulently issued certificates either won't work, or will be contained in public logs run by Google (or Google needs to be forced by authorities as well).