https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ Looks like Mozilla plans to disable the entire root for now. ca-certificates should follow suit. - Josh Triplett