It's very well known (and even widely accepted) that our current web application deployment model suffers from multiple security problems. We've done a lot to mitigate these problems over the years but there is only so much one can do when building on an insecure foundation. I have kept a list of things I'd like to see changed - I wrote about it this time last year.
Since then I placed my ideas in a somewhat coherent form and give it a name - Secure Browsing Mode. From the document:
It is widely accepted today that web applications are inherently insecure. A lot of energy was invested in the past years into making web applications more secure, but there is only so much we can do with the fundamentally insecure foundation. This brief document proposes a set of possible browser improvements that would allow us to establish, gradually, a secure environment for web applications.
Download PDF: Secure Browsing Mode
