Too many certificate authorities
There are 650 organizations capable of producing signatures accepted by your popular browsers.
Revocation is broken
CRL and OCSP are supposed to provide revocation services. If the OCSP lookup times out, then browsers carry on anyway.
The unsafe bridge from HTTP to HTTPS
At the moment in time when a browser is redirected from non-TLS to TLS there is a window of attack. Take a look at this response:
curl -I http://dvikan.no/ HTTP/1.1 301 Moved Permanently Server: nginx/1.6.0 Date: Wed, 21 May 2014 13:31:02 GMT Content-Type: text/html Content-Length: 184 Connection: keep-alive Location: https://dvikan.no/
My blog is fully served over HTTPS and I redirect all traffic from port 80 to 443.
However, an attacker can simply strip away the
Location: https://dvikan.no/ and
Location: http://dvikan.no/ there instead. The next time the browser requests this
page the mitm attacker can himself do a HTTPS connection towards my site, grab the html
and send it back to victim.
The only thing different a victim will see is that the HTTPS icon is missing. So it looks just like a regular HTTP website.