Oh, I didn't realise TACK was your proposal. Now I'm wondering why it wasn't included in TLS in the first place. It sounds very reasonable, but the more valuable (to me, at least) functionality is the ability to have even self-signed certificates be trusted (i.e. what Convergence does). Why is Convergence blocking on TACK, by the way? It sounds like the two would be complementary. Is it just the notary load that is generated when looking up the certificate on every request? Can't that just be cached?