Comment Re:SSL Sites Are Becoming A Must (Score 0) 316
Companies like VeriSign and Thawte just make "trust" easier since their CA Certs come pre-installed in most browsers, allowing you to avoid the nag dialog claiming "Untrusted Cert!!".
That's exactly the problem - the fact that a few "trusted" CAs are pre-recognized by browsers makes it impossible (for all practical purposes) to provide your own certificate because users will have to import your certificate in order to avoid being notified that your site is not trustworthy. On a site with a large pre-existing and tech-savvy audience like Slashdot, this may be okay - but just try getting users to willingly do this for a different site.
This is why it's too late to do anything about the problem. The average user is so used to the fact that any site with an "https://" url is "trustworthy" unless they're otherwise notified, that if encryption and trust were suddenly separated, identity theives would have a field day.
