Well played indeed. In my posts discussing the recent MD5 hack that led to a rogue CA, I neglected to give the utmust credit to the researchers involved. These guys did an amazing job to not only recognize and develop the attack, but to actually execute it, dodge the legal questions, and present their findings at CCC.
And you gotta wonder what it would feel like to have in your hands a rogue CA that can break the trust people have in the web. That definitely has to be an awesome feeling, and I think we all owe the guys a weekend a beer!