Well, to make it good for the community-at-large, we could setup openacs.org as the root Certificate Authority and give all openacs sites the option to get their SSL-server certificate from that server. Next up we could start issuing sub-CA certificates to all OpenACS sites out there, so they can give out certificates to their members.
For developers we could use it to enable package signing, so OpenACS packages can be downloaded directly from the internet and you can be certain it has not been modified.
Personaly I am not really into code-signing, as this tends to give a very false sense of security, and in general is not worth the effort. I would just like to do signed postings and email.
