SSL Arms Race: Talk @ RSA Conference

DigiCert's Ben Wilson moderated a panel of very competent members on SSL security, with people from Comodo, Mozilla, PhoneFactor and Qualys.
Last year's threats are still there, although the number of servers vulnerable to the renegotiation bug dropped to 23%. No numbers were given on whether mixed content and weak CAs are decreasing. [The problem is that in many cases there are cheaper attack vectors available].
Of the technologies currently in development, OCSP stapling, HSTS and Content Security Policy (CSP) were discussed. CSP is a nice idea: it lets the web site developer/operator specify a content policy that the browser enforces, e.g. to disallow JavaScript, thus mitigating attacks such as XSS.
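To make the CSP point concrete, here is an added example (not from the talk or any of the panelists): a small Python checker that parses a Content-Security-Policy header and flags script settings that would still let injected script run, applied to a constructed permissive policy and a constructed hardened one. The host `static.example.com` and the sample policies are assumptions for illustration.

```python
from typing import Dict, List

def parse_csp(header: str) -> Dict[str, List[str]]:
    """Parse 'directive src ...; directive src ...' into {directive: [sources]}.
    Browsers ignore a repeated directive, so the first occurrence wins."""
    policy: Dict[str, List[str]] = {}
    for token in header.split(";"):
        parts = token.strip().split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy

def script_sources(policy: Dict[str, List[str]]) -> List[str]:
    """script-src falls back to default-src; with neither, any script is allowed."""
    if "script-src" in policy:
        return policy["script-src"]
    if "default-src" in policy:
        return policy["default-src"]
    return ["*"]

def script_findings(header: str) -> List[str]:
    """Return the script-related weaknesses of a CSP header (empty = none found)."""
    srcs = [s.lower() for s in script_sources(parse_csp(header))]
    if srcs == ["'none'"]:
        return []
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in srcs)
    findings = []
    # CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present
    if "'unsafe-inline'" in srcs and not has_nonce_or_hash:
        findings.append("inline scripts allowed: an injected <script> block runs")
    if "'unsafe-eval'" in srcs:
        findings.append("eval()/Function() allowed: string-to-code injection works")
    if "*" in srcs or "http:" in srcs or "https:" in srcs:
        findings.append("scripts may be loaded from any host")
    if "data:" in srcs:
        findings.append("data: URIs allowed as script sources")
    return findings

# Constructed sample policies (not from the talk): a permissive one and a hardened one.
WEAK_CSP = "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'"
HARDENED_CSP = ("default-src 'self'; script-src 'self' https://static.example.com; "
                "object-src 'none'; frame-ancestors 'none'")

if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(name, "->", script_findings(csp) or ["no script weaknesses found"])
```

The weak policy yields three findings (inline, eval and any-host), while the hardened one yields none; a page with no CSP header at all is reported as allowing scripts from any host.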
Moxie Marlinspike's Convergence was criticized for requiring huge momentum for its deployment while lacking substantial effort behind it in the relevant organizations (meaning IETF, W3C and the like). [My opinion: if it is a useful concept, then others will join in. ENISA, e.g., endorsed the concept].
An interesting concept is Certificate Transparency. It makes certificate issuance logging public to domain owners, auditors and interested users. Like Convergence, it can detect certificates issued by a CA that was not authorized by the respective domain owner. However, it does not rely on client-side deployment but on the community scrutinizing the issued certificates.