Two new proposals have come forward that look to make a gradual, compatible transition away from the current model possible. One is called Public Key Pinning Extension for HTTP, while another is called Trust Assertions for Certificate Keys (TACK) Both proposals are in draft form with the IETF and there are many technical details not covered here. For sites that would support these new extensions they could offer an extra digital signature of their certificate signed by the site owner. This means an attacker wishing to perform a man-in-the-middle attack would have to compromise a certificate authority, but also compromise the private key possessed by the web site operator.”]