Hacker News
by gojomo 4437 days ago
All interesting ideas... but don't directly address rapid trust revocation, as in the case of recent relevance: a site's private keys are assumed to have been compromised (as if by the Heartbleed bug).

Or are you suggesting every browser will contact many of its personal web-of-trust sources on every secure-connection? Without additional innovation, that seems just as prone to the performance bottlenecks or soft-failure (on stale data or blocked connections) as the current system.

1 comment

> Or are you suggesting every browser will contact many of its personal web-of-trust sources on every secure-connection?

For Hacker News? No.

For my bank? Yes, absolutely.

The implementation of a fast and scalable lookup is not exactly rocket science (cf. DNSBLs). It's a political problem, not a technology problem.

Definitely agree that prompt revocation shouldn't be as hard as these apologetics-for-Chrome imply, and this hasn't festered as an unsolved problem for so long.