Laurie: Improving SSL certificate security

I think you need to be careful how you define SSH as a 'success'

yes lots of people use it, by that definition it's a success, but the reason for this is convenience, not security.

it's much more convenient to transfer files via scp than it is to use ftp, the fact that 'telnet' functionality, file transfer functionality, and tunneling functionality all happen over the same port is 'convenient' (as long as you don't want to allow some of these functions and not others)

it's also widespread because it's become a 'checkbox security' item that auditors can understand (you use telnet with one-time passwords, evil, you use ssh with passwordless access and everyone able to sudo, wonderful)

I don't believe that good security practices around ssh are nearly as widespread as security people seem to think. I believe that most people will not care about any ssh warnings, and will do whatever it takes to clear them if they come up (as opposed to actually worrying that the system has been compromised)