[tracker1]

Considering (relative to now) cookies were added really early on... it would have made sense to have a user/browser token that was only available to a single site, with a reset option.

Another thing that's a little irksome is that nobody uses http auth, because there's no easy logout option.

I will say I do like parts of http/2 being there... I think that dnssec + tls should have been part of the official mix. At the very least CA pricing has fallen into a reasonable range (about $10/month) for wildcard certs. Another thing that took too long is SNI.

Overall though, I think people have gotten pretty spoiled when it comes to technology (myself included)... OMG it takes a whole second and a half between clicking login and being able to see my bank statement. I remember when it was 15-seconds... I think everyone should experience a modem ANSI interface at 9600bps... (not just because I still like BBSes and ANSI art).

[jimktrains2]

I 100% agree with you on the auth part. Mutual auth via something like SRP built into the browser would be a huge boon to building web sites that don't have to handle the plain-text password. Some nice chrome on that, or even an interface with HTML (<form method="mutal-auth-login"> <form method="mutal-auth-logout"> or something) would be super nice.

> OMG it takes a whole second and a half between clicking login and being able to see my bank statement. I remember when it was 15-seconds

What's worse is that people seem to get offended when you say "I have a crappy computer and a crappy connection, this is too bloated". I actually started running noscript soley to block analytics and ads that causing page rendering to delay for 10+s. I had the page. It was all there, but the browser had to wait for all resources before it'd do a full render. All of that immediately stopped with noscript.