Researchers propose TLS extension to detect rogue SSL certificates

24.05.2012

This creates a secondary protection layer, because in addition to a fraudulently obtained, CA-signed SSL certificate, an attacker would also need the domain owner's private TACK key in order to pull off a successful attack.

TACK is designed to be backward-compatible with both clients and servers that lack support for it. In such situations, the HTTPS connection gets negotiated according to the current CA-based validation system.

This aspect is particularly important given the slow adoption of new TLS versions by Web server owners. According to Trustworthy Internet Movement's , fewer than two percent of the Internet's top 200,000 HTTPS-enabled websites support TLS 1.1 or 1.2, the latest versions of the protocol.

The vast majority of websites still support SSL 3.0, the precursor of TLS, and TLS version 1.0, which was designed in 1999. Over 30 percent of them still support SSL 2.0, the first publicly available and most insecure version of the protocol.

Under these conditions, it's hard to imagine TACK becoming widely implemented anytime soon, even if the extension ends up receiving approval from the IETF.