Right, but that's different. That was a root certificate that was compromised: something you can use to make new certs. The basic certs themselves can be revoked, and are fairly routinely.
There is always a root of trust in a cert scheme (vs. a web scheme, say, which has no single point of failure but a squishier notion of validity). The reason it got caught is that Chrome implemented an independent "pinning" feature for Google's own domains (basically an independent root of trust) and caught the fraudulent certs.