> Given that, there should have been an option for self-generated, free
> encryption only certificates (with a different lock icon, or whatever)
> in the first place.
But my point is that this gains nothing. If I connect with SSL to foobar-random-losers.com that has a valid CA-signed certificate, even though I've never dealt with them before, at least the CA has done some minimal checking that the people they're giving the certificate to own or have responsibility for that domain. No, the CA doesn't accept any liability for problems, but the risk is substantially reduced. If I connect to foobar-random-losers.com that uses a self-signed certificate, I have no expectation of any security or privacy. I might be connecting to people who have hijacked the domain. Or I might be connecting to the "real" foobar-random-losers.com but with a man-in-the-middle who is presenting me with a different self-signed cert, and running one encrypted session to me and a different encrypted session to the real site. They might pass the data through unchanged and simply steal the contents for their own nefarious purposes. Or they might deliberately alter the data in transit, committing me to sell a thousand shares of stock instead of buying a thousand. Unless you think the CA isn't following proper procedures, or that the "proper procedures" don't work, having a CA-signed certificate is *much* better than just using some random session key.

If I see a TV ad for foobar-random-losers, and call their 800 number and place a credit card order, it's possible that the call is being diverted by a third party. But it's much less likely than such occurrences on the internet. The phone company doesn't absolutely guarantee that when I dial the advertised 800 number I will get the party that is responsible for that phone number. But their system and procedures make it likely enough that people do business this way all the time. On the internet, on the other hand, there are *trivial* attacks to divert or eavesdrop on traffic that can be mounted from halfway around the planet.
Sending valuable data over a non-SSL link, or an SSL link where the other party uses a self-signed certificate that you can't verify, is just asking for trouble. [Note that there is no problem with using a self-signed cert if you have some secure way of getting your root cert to your users.]

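The argument above, worked through in code as an added example that is not part of the thread: Go's crypto/x509 package issues a CA-signed certificate for the site, a self-signed certificate with the same name (what a man-in-the-middle would have to present), and the site's own self-signed certificate, then verifies each the way a client should, chaining to a trusted root and checking the host name. The CA name, key type, validity period and the host string are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a certificate naming host: self-signed when parent == nil, otherwise signed by parent's key, as a CA does after vetting the domain.
func newCert(host string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key; P-256 is an arbitrary choice
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		NotAfter:              time.Now().Add(24 * time.Hour),
		DNSNames:              []string{host}, // the name a client compares against the host it dialled
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Scenario plays out the thread's three cases for host; each Verify chains the leaf to a trusted root AND checks the host name, and only a nil result means "proceed".
func Scenario(host string) (caSigned, substituted, pinnedSelf error) {
	caCert, caKey := newCert("Some Public CA", true, nil, nil) // constructed CA name
	site, _ := newCert(host, false, caCert, caKey)            // issued by the CA for the real site
	fake, _ := newCert(host, false, nil, nil)                 // self-signed, same name, anyone can make one
	own, _ := newCert(host, false, nil, nil)                  // the site's own self-signed certificate
	caRoots, pinned := x509.NewCertPool(), x509.NewCertPool()
	caRoots.AddCert(caCert) // the CA root a browser ships with
	pinned.AddCert(own)     // root the user obtained over a secure, out-of-band channel
	_, caSigned = site.Verify(x509.VerifyOptions{Roots: caRoots, DNSName: host})
	_, substituted = fake.Verify(x509.VerifyOptions{Roots: caRoots, DNSName: host})
	_, pinnedSelf = own.Verify(x509.VerifyOptions{Roots: pinned, DNSName: host})
	return
}
```

The substituted certificate fails with an unknown-authority error even though it carries the right name and would happily encrypt the session; the self-signed one passes only because its root reached the user some other trustworthy way.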