0.2% of the SSL certificates out on the Net are bad….

This according to a new paper from Carnegie Mellon scientists here [pdf]. Considering the size of the Internet, that number is extremely worrying. The geographic distribution of the forged certificates is actually the most interesting part of the paper to me…it’s not what one might expect.