I really like that Surf shows a red bar for HTTP connections and a green bar for HTTPS connections. The trouble is, Surf has no store of CA certificates, so it can't be verifying server certificates. It is just assuming that any SSL connection is good.
However, active network attacks are so easy to perform that saying "Well, at least Surf defends against passive eavesdropping" is not really good enough. Letting people believe that any SSL connection is good is actually worse than nothing, because it creates a false sense of security. I have serious qualms about depending on CAs (the false sense of security they engender is even more of a problem, I'd argue!), but regardless, Surf needs *something*. Perhaps a straight-up SSH-style trust on first use (TOFU) mechanism? Perhaps Perspectives? Perhaps some combination?
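A minimal SSH-style TOFU pin store of the kind the post proposes, as an added example (not Surf's code): the store layout, function names and the constructed host/certificate values are this example's own. The point it makes is that a first contact and a fingerprint mismatch must surface as distinct states to the user, not both as a green bar.

```python
"""Trust-on-first-use (TOFU) pinning of TLS server certificates, in the
style of SSH's known_hosts. Added example, not part of Surf."""
import hashlib
import json
import socket
import ssl
from pathlib import Path

FIRST_USE, TRUSTED, MISMATCH = "first-use", "trusted", "MISMATCH"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


def tofu_check(store: dict, host: str, cert_der: bytes) -> str:
    """Compare the presented certificate with the pin stored for `host`.

    First contact: record the pin and report FIRST_USE (the UI should say
    "unverified, pinned now", not show green). Same pin: TRUSTED. Different
    pin: MISMATCH, and the caller must not proceed silently, because either
    the server re-keyed or something is sitting in the path."""
    presented = fingerprint(cert_der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = presented
        return FIRST_USE
    return TRUSTED if pinned == presented else MISMATCH


def load_store(path: Path) -> dict:
    """Read the host -> fingerprint map; an absent file is an empty store."""
    return json.loads(path.read_text()) if path.exists() else {}


def save_store(path: Path, store: dict) -> None:
    path.write_text(json.dumps(store, indent=2, sort_keys=True))


def fetch_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate without CA validation; with TOFU the pin
    store, not a CA bundle, is what supplies the trust decision."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

A browser would call `fetch_cert_der` during the handshake and colour the bar from the `tofu_check` result; the MISMATCH case is the one that deserves an interstitial rather than a quiet red bar.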