Re: If selling certificates becomes like selling domains...
"they'll still prevent man-in-the-middle alteration"
If world & dog just ignores dodgy or revoked certs (like Google do in Chrome) when so many stink and/or change for no good reason, then what is to stop an ISP doing a proxy with some self-signed cert for everywhere?