Dual_EC_DRBG is a pseudo random number generator, so if it's compromised you could use the internal state to recreate the sequence of pseudo random digits from that point forward. SSL/TLS is protocol which incorporates a suite of algorithms for authentication, key exchange and encryption. So on that level, like the sibling comment mentions, they aren't really comparable. The part of the SSL/TLS protocol that really depends on the certificate is the authentication, though - Diffie Helmann can be done in the clear without compromising its security, and once you've established the key any algorithm can be used to encrypt. When you revoke a certificate, you're essentially saying that you suspect someone else may be able impersonate you on the internet, so don't trust anyone authenticating with it. The algorithm is secure, but the certificate is not.
The point I was trying to make is that if you suspect someone has compromised your certificate, you can revoke it to reestablish secure communications. If you suspect your random number generator has been compromised, you can likewise just change the configuration (assuming it's not hardcoded into some piece of cryptographic equipment).
The point I was trying to make is that if you suspect someone has compromised your certificate, you can revoke it to reestablish secure communications. If you suspect your random number generator has been compromised, you can likewise just change the configuration (assuming it's not hardcoded into some piece of cryptographic equipment).