I believe that most browsers and even some TELNET/FTP/SMTP clients that
support START_TLS will allow the certificate to be saved as an
authenticator of the host provided that the certificate is not a
self-signed cert. If you do not want to use a commercial CA, then you
should generate your own
Note that SSH is vulnerable to a Man in the Middle attack (not meet in
the middle -- that is an attack on 2DES where you attack from the
input and output and then "meet in the middle"). In particular SSH is
vulnerable if you do NOT have the long-term server key cached on the
client.
That notwiths