[psadauskas]

I guess I could expand upon that in the 2nd bonus point. Certificates would make an excellent extension to HTTP Auth, as long as end-users can self-sign, like SSH, and not have to pay a $100/yr extortion fee to a company like Verisign.

[epc]

Commercial x509 certificates are as cheap as $9.95 and there's several free services. But they are a pain to try to explain to a typical end user on how to configure and install in their browser.