John writes: > Now, if I read this correctly, there is no > more choice ... You read incorrectly. Default behavior is not mandatory behavior. > Conversely, if I'm part of an enterprise that > issues its own certs for internal purposes, it > doesn't look as if I can make those certs usable > in the XP environment, since such internal > certs don't satisfy the "broad business value to Microsoft > platform customers" criterion and hence will not be accepted by > Microsoft for use in the specified environment. You read incorrectly, again. You can add any certificates you want to your machines. You just can't get Microsoft to make them publicly available for distribution by MS without convincing them that doing so is worthwhile for Microsoft, which makes perfect sense. > I hope this is only part of the story, and that > user options to accept some certs (even if they are > not accepted by Microsoft) and reject others (even > if they are accepted by Microsoft) still > exist in some usable form. They do. Look under Internet Options in Internet Explorer.