An article that is critical (and justly so) about recent changes to the SSL certificate warnings in Firefox 3. This is discussed here on Slashdot. The approach I would favor would be to have two indicators: one to indicate that you are using SSL encryption to protect the communications with the web server and the second to indicate that you are talking to an authenticated web site. In this way if one was talking to a self-signed site (or one that is signed by an unrecognized authority) only the encrypted status would be shown. Of course this makes things a bit more complicated for the user, but it would be less intrusive than the current solution. More criticism of it here and here (with good screen captures) and further discussion on Slashdot here.