Security is a chain; it's only as strong as the weakest link. The
security of any CA-based [certification authorities] system is
based on many links and they're not
all cryptographic. People are involved.
-- Carl Ellison and
Bruce Schneier
"Ten Risks of PKI: What You're not Being Told about Public Key
Infrastructure"
http://www.counterpane.com/pki-risks-ft.txt