One more thing: why isn't there (or is there that I don't know about?) a web-of-trust model system for SSL certificates? At this point, it seems like the only secure solution is self-signed certificates, and that is only "secure" if you know the person who runs the server.
At this point I would say anyone who wants web-based secure email had better be running their own web and mail servers. Or else they are more trusting than I am that every Certificate Authority in the world isn't CCing everyone's private webserver keys (which the CA's generate) to every three-letter-agency on Earth.
I agree the CA system is flawed and proven to be broken/compromised in some important cases.
Namecoin TLS is now at functional state and the concept has been proven. Now it needs some more work (and devs) to bring it to a level where widespread usage is simple.
http://dot-bit.org/forum/viewtopic.php?f=2&t=552Thank you for pointing that out. I was of course aware of Namecoin but not Namecoin TLS. I'm setting up a forum (and probably web-based email) with encrypted storage and SSL-only access, and physical hosting at a location I have control over. I don't have a lot of bandwidth so I'm not making it available to to the public (sorry) but I am concerned about making it work.
What I've done is put the root domain and a subdomain on two different physical servers: one has a Comodo SSL certificate and the other has a certificate generated by my own local Certificate Authority. The root certificate hasn't left the machine with the webserver. The domain with the Comodo cert has one thing on it: a download link to my own CA public cert which can be installed into people's browsers or OSes.
This gets me third-party authentication so you know that the cert came from the controller of the domain, and then encryption where the private keys for the server and CA are only on the server and have only ever been on the server.
And it's *really* kind of convoluted. AND if I were offering it publicly, it still wouldn't be an alternative because all it would take is someone physically stealing the server or arresting me and cutting the lock off the case.
Anyhow, I'd been thinking about registering a dot-bit domain as an alternate means of accessing the site. Now I'm considering that much more seriously. Thank you.