If I understand the article:

- a flight plan is a series of waypoints.
- Waypoints are represented using identifiers that are known to not be globally unique.
- an algorithm that attempts to extract the portion of the flight in UK airspace failed due to one of the non-unique waypoints in a flight plan
- the failure caused the primary system to halt
- the backup system takes over, processes the same flight plan and fails the same way, halting as well
- UK air traffic control can no longer accept/process flight plans, preventing flights from happening
- it took a while to resolve the system error, and longer to resolve the impacted people

The main benefits to paying for certs are
The only thing that matters to most people is that they don’t get cert errors going to/using a web site, or installing software. Any CA that is in the browsers, OS and various language trust stores is the same to that effect.
The rules for inclusion in the browsers' trust stores are strict (many of the Linux distros and language trust stores just use the Mozilla cert set), which is where the trust comes from.
Which CA provider you choose doesn't change your potential attack surface. The question on attack surface seems like it might come from a lack of understanding of how certs and signing work.
A cert has 2 parts: a public cert and a private key. CAs sign your site's public cert with their private key; they never have or need your private key. Public certs can be used to verify something was signed by the private key. Public certs can be used to encrypt data such that only the private key can decrypt it.
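
The split described in the comment above, walked through with the `openssl` command line as an added example that is not part of the original comment: the site's private key stays with the site, the CA works only from the CSR, and a client accepts the certificate only when it trusts the issuing root. The CA names, file names and `example.test` are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: "Demo CA A/B", the file names and example.test are hypothetical.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_ca PREFIX NAME: self-signed root, standing in for one trust-store entry.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# site_csr HOST: run by the site owner. site.key is created and stays here;
# only site.csr (public key plus requested name) is sent to the CA.
site_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$work/site.key" -out "$work/site.csr" 2>/dev/null
}

# issue PREFIX: run by the CA. Its inputs are its own key pair and the CSR;
# site.key is never read. openssl checks the CSR's self-signature first.
issue() {
  openssl x509 -req -in "$work/site.csr" -days 1 -CA "$work/$1.pem" \
    -CAkey "$work/$1.key" -CAcreateserial -out "$work/site.pem" 2>/dev/null
}

# trusts PREFIX: does a client given PREFIX's root as its trusted CA file
# accept site.pem? Only the CA's public cert is needed for this check.
trusts() {
  openssl verify -CAfile "$work/$1.pem" "$work/site.pem" >/dev/null 2>&1
}

new_ca caA "Demo CA A"
new_ca caB "Demo CA B"
site_csr example.test
issue caA
trusts caA && echo "client trusting Demo CA A: accepted"
trusts caB || echo "client trusting only Demo CA B: rejected"
```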