I have no idea what you are trying to express here. "Trust On First Use" is a synonym for key continuity. The fact that you have to type "yes" when SSH does it and click a series of buttons when a browser does it doesn't change anything.
I think you think that "Trust On First Use" means "automatically accept keys the first time you hit a site". In fact, that's only true in practice. Presumably everyone's going to get the "Watch Out! This Could Be Iran!" dialog from their browser, too.
There isn't any non-Internet communication channel that users could use to find Google's fingerprint. Google won't give their fingerprints on the phone for billions of web users.
Theoretical models that have no practicality in a given real life context aren't worth discussing as a solution.
tptacek|14 years ago
I think you think that "Trust On First Use" means "automatically accept keys the first time you hit a site". In fact, that's only true in practice. Presumably everyone's going to get the "Watch Out! This Could Be Iran!" dialog from their browser, too.
vladd|14 years ago
Theoretical models that have no practicality in a given real life context aren't worth discussing as a solution.