The problem that makes me feel uneasy about SSL is the vulnerability of the certification authorities; when they get compromised, everything they signed gets compromised too. However, the system could be for some applications potentially get hardened to certain degree, using the web-of-trust approach. The server presents its certificate to the client. The client then can optionally request the GPG signature of the certificate from the server either by always trying if it is there or only if its presence is indicated in the certificate data fields, and verify it by the specified GPG public key (which then can be firmly embedded in the web of trust). The server's key may be stored on the server itself together with the certificate signature file, or the signature file may indicate the keyserver it should be fetched from. Being signed by several trusted keys is crucial for this purpose, as otherwise it would be trivial to compromise the GPG pubkey together with the signature and the SSL certificate, if the adversary gets access to the server and manages to compromise the CA (risk especially with in-house CAs, or when Agencies get involved). The clients should cache the server's authentication information, and report any changes, like SSH does. The location of the signature may vary; it can be stored in a default place on the server (https://secure.server.com/cert-gpgsignature.asc), or the location can be specified in a X509 field. Is it a good idea? Could it fly? If not, why?