What browsers still actually need is a really good way of dealing with certificates. The current mess is a sad joke.
I've tried things like Certificate Patrol, but that has tremendous problems in everyday usage. Browsers do a little bit of pinning, but security for the vast majority of sites is still dependent on the non-malfeasance of each and every one of the hundreds of certificate authorities that are trusted by default.
IMO that is problem #1, and it's been problem #1 for a decade or more. Mozilla takes in about $300 million a year, but I guess certificates are just too difficult a problem to solve properly with such a paltry sum of money.
What browsers still actually need is a really good way of dealing with certificates. The current mess is a sad joke.
I've tried things like Certificate Patrol, but that has tremendous problems in everyday usage. Browsers do a little bit of pinning, but security for the vast majority of sites is still dependent on the non-malfeasance of each and every one of the hundreds of certificate authorities that are trusted by default.
IMO that is problem #1, and it's been problem #1 for a decade or more. Mozilla takes in about $300 million a year, but I guess certificates are just too difficult a problem to solve properly with such a paltry sum of money.