btw, moving away from ip based security would allow not needing users' ip's to be in their userfiles anymore. So if a site box was ever 'taken' it would allow for more security/privacy as it would be much harder to find someone based on the cert of their pc than it would be to find them by the ip of their pc.
Except that there would need to be an option to not log ip's as well. DrFTPd has this option so maybe it could be added to io as well. It just replaces 111.111.111.111 with xxx.xxx.xxx.xxx in the logs, or something similar. This would allow more anonymity (in light of recent events I think we all agree this is a good thing). I was just thinking of some of the implications of this new cert-based security and thought of this aspect of it. Didn't see it mentioned yet so thought I would go ahead and mention it.