Maybe we could design a protocol for securing the socket layer, maybe even automate the key exchange so that it's basically transparent to the user, and then why not do the same thing for the people that need certs, let them ask for it whenever they want and provide them a nice tool to automatically renew it. /s