Of course, this will just make the browsers pop up dialog boxes
which everyone will click OK on...
And brings us to an even more interesting question, since everything
is trusting their in-browser root CAs and such. How trustable is the
auto-update process? If one does provoke a mass-revocation of
certificates and everyone needs to update their browsers... how do
the auto-update daemons *know* that what they are getting is the real
[I haven't looked into this, just bringing it up. I'm almost certain
its less secure than the joke that is SSL certification].