@jdavidnet my point is that trying to infer trust based on whether or not someone paid for an SSL certificate or not is a terrible idea. It also breaks the whole neutrality aspect of SSL providers — as long as the SSL certificate has an authority you trust in it's certificate chain, then you should trust it.