by mikekchar 3055 days ago
I keep toying with the idea of building a system that allows services to authenticate with you. It's not going to be useful for the general population, but for people who have a clue it would be useful for detecting CA hacks. Theoretically it's not so hard -- you send the service a key when you first start using it. The service signs challenges to prove that they have the key. Now an attacker must both hack the CA and get the private key to impersonate the service. I tried to figure out a way to do it with a plugin, but unfortunately it looks like it requires modifications to the browser to make it work. Thinking pragmatically, I suspect that it would never make it into a mainstream browser (for the same reasons that things like Persona never made it).
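The exchange described in the comment, sketched as an added example that is not part of the original post: the client provisions a key at first use and later checks the service's answer to a fresh challenge. Using HMAC-SHA256 over a shared secret, binding the answer to the certificate fingerprint of the session, and all class and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

LABEL = b"service-auth-v1"  # domain-separation label (constructed)

def proof(key, challenge, cert_fp):
    """MAC over the challenge and the certificate fingerprint of the TLS session."""
    return hmac.new(key, LABEL + challenge + cert_fp, hashlib.sha256).digest()

class Service:
    """Real service: stores the key each user provisioned at enrolment."""
    def __init__(self, cert_fp):
        self.cert_fp = cert_fp
        self._keys = {}
    def enroll(self, user, key):
        self._keys[user] = key
    def respond(self, user, challenge):
        # Binds the answer to the certificate this service actually presents.
        return proof(self._keys[user], challenge, self.cert_fp)

class Relay:
    """Interceptor presenting a mis-issued certificate; it holds no user keys."""
    def __init__(self, upstream, cert_fp):
        self.upstream, self.cert_fp = upstream, cert_fp
    def respond(self, user, challenge):
        return self.upstream.respond(user, challenge)  # can only forward

class Client:
    def __init__(self, user):
        self.user, self._keys = user, {}
    def enroll(self, origin, service):
        # First use: assumed to happen over an untampered connection.
        self._keys[origin] = secrets.token_bytes(32)
        service.enroll(self.user, self._keys[origin])
    def verify(self, origin, endpoint):
        challenge = secrets.token_bytes(32)  # fresh per check, defeats replay
        expected = proof(self._keys[origin], challenge, endpoint.cert_fp)
        answer = endpoint.respond(self.user, challenge)
        return hmac.compare_digest(expected, answer)

def demo():
    real = Service(hashlib.sha256(b"constructed real certificate").digest())
    rogue = Relay(real, hashlib.sha256(b"constructed mis-issued certificate").digest())
    alice = Client("alice")
    alice.enroll("example.test", real)
    return alice.verify("example.test", real), alice.verify("example.test", rogue)
```

`demo()` returns `(True, False)`: the real service passes, while the endpoint with a different certificate fails even though it forwards the challenge to the real service.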