These errors have come from sites that I trust and that IE on win2k gives me no trouble. The problem appears to be in OS X IE's not having all the root certificates it should, as was borne out by comments from one site that I contacted. They say they've bugged MS on this, to no avail.
The workarounds:
- Forget IE and use Safari. On the sites I've had trouble with on IE, Safari works great. No problems with the root certs.
- Just say "continue" when asked if you want to continue, even though others can read your data. I suspect that IE still goes through a public key exchange, but just cannot guarantee the authenticity of the the server, and for legal reasons says "others can read" to play safe. That would be smarter than not exchanging a key at all, in which case everyone snooping on your connection could read it. While I cannot personally vouch that that's what IE does, it is according to the support at the one site I conversed with.

