So, what could Google do to demonstrate that it still takes on-line security seriously?
Google has the infrastructure, manpower and, I’d argue, interest in doing such a thing. In fact, in many ways, it already offers the flesh around this missing skeleton.
Perhaps it could support the CACert effort with funding and enough energy to get it through the audits required to have their root certificate included in Mozilla’s Firefox, as-shipped? And, while Google are at it (restoring their image of benevolence, that is), they could include that root certificate in Chrome too.