Is there any ability for a cert to contain multiple signatures? Obviously one needs the CA signature, but does it have to be the only one? My thought would be that security could be greatly improved if, as a matter of course, certificates were signed by older versions in addition to being signed by CAs. What I'd ideally like to see would be a facility by which a certificate for foo.com could contain a notation which would mean: "Foo.com has no intention of issuing, or requesting the issuance of, any certificates before 3/24/2013 which aren't signed by the public key in this certificate. Be very very very suspicious of any certificates that claim to be from foo.com but do not have such a signature. Also [optionally], if the previous certificate from foo.com had a thumbprint other than xxx, yyy, zzz, or qqq, warn the user that the previous certificate was likely bogus."
Even if someone managed to trick a CA into issuing a bogus cert for foo.com, such a bogus cert would raise red flags if someone who had previously used a valid cert tried to use a bogus one. Also, if someone who used an undetected bogus cert subsequently tried to use a valid cert, they'd get a (somewhat belated) warning of security compromise in that situation as well.
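One reading of the scheme proposed above, as an added illustration rather than anything from the original post: a toy "certificate" that carries two extra fields, a counter-signature made by the previous certificate's key and a list of acknowledged prior thumbprints, plus the client-side continuity check that a browser remembering the last cert it saw could run. It assumes the `cryptography` package (Ed25519 keys); the cert structure, field names and the four verdict strings are constructed for this example and are not a standard.

```python
"""Toy model of 'counter-signed by the previous cert' continuity checking (constructed example)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def key_thumbprint(pub_raw: bytes) -> str:
    """SHA-256 over the raw public key stands in for a certificate thumbprint."""
    return hashlib.sha256(pub_raw).hexdigest()


@dataclass
class ToyCert:
    subject: str
    not_before: str                      # ISO date, constructed
    pub_raw: bytes                       # raw Ed25519 public key of this cert
    prior_thumbprints: List[str] = field(default_factory=list)  # proposed extension
    prior_signature: Optional[bytes] = None                    # proposed extension

    def tbs(self) -> bytes:
        # "to-be-signed" bytes; a real cert would be DER, this is a simple join
        return b"|".join([self.subject.encode(), self.not_before.encode(), self.pub_raw,
                          b",".join(t.encode() for t in self.prior_thumbprints)])

    def thumbprint(self) -> str:
        return key_thumbprint(self.pub_raw)


def issue(subject, not_before, key, prior=None):
    """Build a cert for `key`; `prior=(prior_key, prior_certs)` adds the counter-signature."""
    cert = ToyCert(subject, not_before,
                   key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
    if prior is not None:
        prior_key, prior_certs = prior
        cert.prior_thumbprints = [c.thumbprint() for c in prior_certs]
        cert.prior_signature = prior_key.sign(cert.tbs())   # signed by the OLD key
    return cert


def check_continuity(presented: ToyCert, remembered: Optional[ToyCert]) -> str:
    """Client-side check: does the presented cert chain back to the one we saw last time?"""
    if remembered is None:
        return "NO_HISTORY"                       # first contact, nothing to compare against
    if presented.prior_signature is None:
        return "REJECT_NO_COUNTERSIGNATURE"       # claims to be the subject, lacks the signature
    prior_pub = Ed25519PublicKey.from_public_bytes(remembered.pub_raw)
    try:
        prior_pub.verify(presented.prior_signature, presented.tbs())
    except InvalidSignature:
        # either the remembered cert or the presented one is not part of the real chain
        return "REJECT_BAD_COUNTERSIGNATURE"
    if remembered.thumbprint() not in presented.prior_thumbprints:
        return "WARN_PRIOR_CERT_NOT_ACKNOWLEDGED"  # the optional "previous cert likely bogus" case
    return "OK"


def demo():
    """Constructed scenario: foo.com rotates its key; an attacker presents mis-issued certs."""
    k2012, k2013, attacker = (Ed25519PrivateKey.generate() for _ in range(3))
    c2012 = issue("foo.com", "2012-03-24", k2012)
    c2013 = issue("foo.com", "2013-03-24", k2013, prior=(k2012, [c2012]))
    c2013_silent = issue("foo.com", "2013-03-24", k2013, prior=(k2012, []))  # signed, no list
    bogus = issue("foo.com", "2013-06-01", attacker)                           # mis-issued by a CA
    forged = issue("foo.com", "2013-06-01", attacker, prior=(attacker, [c2012]))  # self counter-signed
    return {
        "first_visit": check_continuity(c2012, None),
        "legit_rotation": check_continuity(c2013, c2012),
        "unacknowledged_prior": check_continuity(c2013_silent, c2012),
        "bogus_after_valid": check_continuity(bogus, c2012),
        "forged_countersig": check_continuity(forged, c2012),
        "valid_after_bogus": check_continuity(c2013, bogus),   # the belated warning
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

The last scenario is the one the post calls a belated warning: a client that had already accepted the mis-issued cert later sees the genuine rotation cert, whose counter-signature was made by the real 2012 key and so fails to verify against the remembered bogus key. Note this check relies purely on what the client remembers; it says nothing about revocation of the old key, which still has to come from the CA side.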
Again, nice idea, but PKI does not work that way. If my business had a scum employee who ran off with a private key for one of my certs signed by my CA (dated before 3/24/2013) and handed it to hackers before that date, there would still need to be some mechanism to invalidate the cert via a CRL (even if counter-signed) prior to that date in the event of a defection of a trusted officer, with a way to issue a replacement cert.