Several things come to mind; let's take Convergence (http://www.convergence.io) as an example. First, the software (Convergence plugin and notary code) need to be stable. This is mainly the job for the project team, but they might need help. In my personal experience, the code works well; haven't checked recently to see how it performs for others. The Convergence plugin is a hack, so it probably has a few rough edges.
Second, the protocol and the code need to be independently reviewed. This hasn't happened as of yet, but I am sure will if the popularity of Convergence increases. I'd be willing to give it a go at some point.
Third, we need a good-enough infrastructure to start with. SSL Labs (which I run at Qualys) sponsors Convergence by providing 4 notary servers (2 in the US, 2 in Europe). These notaries are installed by default, so you could say that the infrastructure is decent (at the current level of usage).
Finally, we need to have the technology available in all major browsers, at the very least pre-installed and available as an option, but -- ideally -- fully integrated ("This looks like a self-signed certificate; please wait for a moment while we verify that you are not under an attack"). A big problem for adoption is that browsers are lacking APIs for this type of work.
Second, the protocol and the code need to be independently reviewed. This hasn't happened as of yet, but I am sure will if the popularity of Convergence increases. I'd be willing to give it a go at some point.
Third, we need a good-enough infrastructure to start with. SSL Labs (which I run at Qualys) sponsors Convergence by providing 4 notary servers (2 in the US, 2 in Europe). These notaries are installed by default, so you could say that the infrastructure is decent (at the current level of usage).
Finally, we need to have the technology available in all major browsers, at the very least pre-installed and available as an option, but -- ideally -- fully integrated ("This looks like a self-signed certificate; please wait for a moment while we verify that you are not under an attack"). A big problem for adoption is that browsers are lacking APIs for this type of work.