But even if we get the CA issue sorted out somehow, or even if someone really only uses trustworthy certificates, SSL is still broken. That's why this is news. It's an attack on the confidentiality of SSL which (I think) has never been done before.