>> - And: there ARE poeples and services which doen't allow encrypted access for >> legal or organisational reasons - It doesn't have to be anything that deliberate. On my mobile phone, I run into web sites all the time where for some reason the phone doesn't like the SSL certificate and makes it very difficult to click through. They work fine on my Mac and Linux boxes, so who knows what's wrong. Given the absurd number of CAs, it's probably some mismatch of intermediate certs, and I could track it down and fix it eventually, but in the meantime, it would be nice if I still had the option to look at the fripping stuff. We should be able to assume our users are big girls and boys who can make reasonable tradeoffs in the face of the inevitable failure of some of the moving parts. R's, John