Google's take on certificate selection: http://code.google.com/p/android/issues/detail?id=38393
"I designed the API with the intent that filtering could be added later if necessary, but I've never been convinced that users really are going to have large numbers of keys. What I said about issuer filtering really is true. It almost always is configured wrong if at all. If you can motivate a use case, I'm all ears" -- Anders
