HotJava/User is unable to control SSL behavior when a certificate's hostname
does not match the connected site. Right now, HotJava always denies the
connection, whereas Netscape permits the user to OK the difference.

It seems to me that possible some sort of API change is needed to resolve this.