If you haven´t heard about Alice and Bob yet, please read http://en.wikipedia.org/wiki/Alice_and_Bob and http://downlode.org/etext/alicebob.html first.
Have you ever verified Alice and Bob´s identity?
Actually, one of those 2 has an identity problem, I think.
According to their biography ( http://downlode.org/etext/alicebob.html ) they have never met yet. So they need to get certificates from CAcer, and get their identity verified through CAcert assurers, so that they can present verify each others´s identity through the certificates.
But what actually happened was that a CAcert assurer couldn´t verify Bob´s identity, since his stated name doesn´t match the one in his ID documents.
What did you think is the name that´s written in Bob´s ID document?
So Bob couldn´t get a CAcert certificate that proved his name, and poor Alice wasn´t able to get Bob´s identity verified!
Yes, the original flaw was when the cryptographers casted Alice and Bob. They should have casted Alice and Robert instead.