Can't a "trusted" domain itself, i.e. one with a non-expired cert, do all that shit just as well as a "non-trusted" one? AIUI, the cert only confirms that you are who you say you are, not that you're a good guy. I mean,are you saying Facebook doesn't have a cert, or that it doesn't have spam and advertising?
