> <ruleset name="Reddit" match-cn="no" trusted="yes"> This would allow any server with a valid, trusted-CA-issued certificate issued to any subject to authenticate as reddit.com. That is badder than the status quo. -- http://noncombatant.org/