Correct me if I'm wrong, but haven't you also attacked TOFU POP as being worse than the CA system? If I understand correctly, it was a limited form of TOFU POP that caught this attack. (And it seems like TOFU POP MONK would fix the remaining weaknesses of TOFU POP.)
It seems to have worked better in this case. It also would have worked better in the Comodo case, but it wasn't deployed yet. It certainly works better for the intranet case. I can't identify the case where it doesn't work better. Can you help?
