There used to be StartSSL chain-o-trust back-in-days. Centralized, but working. Maybe one day someone creates decentralized one - and browser supporting it. Me breath is holding not :-/

There should be a web of trust for SSL certificates integrated into browsers rather than this bizarre and complex OS/browser-distributed international list of [certificate authorities](https://en.m.wikipedia.org/wiki/Certificate_authority). Than onion sites could have a chain of trust to the end-user without centralized trust systems.

Brunswick

I think the legitimacy of Tor sites is still an unsolved problem. I'm sorry, but many people tried lot's of strategies and the truth is that none succeeded yet.