Ian Grigg has a great page on the SSL industry (really the “certification authority” industry.) Worth reading.
The topic reminds me of an essay, I think from Nick Szabo, on the use of language and terminology within the security industry to distort thinking. (The bit I remember discussed the use of “certification authorities,” self-declared.) I’m having trouble finding it. Can anyone help?