It is indeed based on Perspectives. But the implementation provided with Perspectives does not have privacy. If you contact a notary with Perspectives then that notary has your browsing history. See 36:50 on http://www.youtube.com/watch?v=Z7Wl2FW2TcA
Very interesting, thank you. It looks like it solves very significant problems in a very good way (I'm amazed the Perspectives guy missed them, especially sending the certificate to Perspectives like Convergence does).
I really, really hope this catches on and gets built into browsers...
It relies on people to set up Notaries that you can specify you trust. There are many organizations I trust: the Tor Project, EFF, my university, the local hackerspace, etc. If they ran notaries, I would specify that I trust them. If an SSL Authority/Notary is hacked, you remove them from the list that you trust. At the moment, trust is not agile. Browsers specify in advance which authorities are to be trusted or not.
This project is in its infancy, so get involved, set up a Notary, contribute on GitHub.
I don't see how this is different (even after reading the blog above), other than reducing the initial input list of CAs. Today, if a CA gets hacked, I pull them out of my trust-chain. Either way, I have to pay attention. Help me understand how it solves this, because I do think SSL is currently quite broken and would like to see a solution.
In this case DigiNotar is being removed from browsers because nobody that lives in Mountain View happens to visit sites signed by DigiNotar. And aside from being Dutch, they're also unusually small (they only made 100k in revenue from certificate sales this year).
This is not the common case. There was a very similar incident with Comodo in March, and they weren't removed. This is because Comodo certifies some non-negligible portion of the internet (between 1/4 and 1/5th of certificates), and so removing them would break a lot of things.
The same is true for VeriSign, Thawte, Comodo RAs, GeoTrust, Equifax, etc.
I don't trust any of these parties, and yet I kept them in my trust DB for years, because without them the internet was unusable.
What Convergence aims to do is make trust agility even easier than it was for DigiNotar, which itself was unusually simple for the CA model. It also aims to invert the trust relationship, and put trust decisions fully in the hands of the client.
I can appreciate that, I'm just not sure I understand how that will happen. I don't have a direct trust relationship with the vast majority of the internet, so I need to put my trust in somebody else I have a closer relationship with.
Right now, I trust the browser/OS vendors with the ability to black-list individual CAs (or white-list, as the case may be). In the "trust agility" model, I just have to choose somebody else I trust, right?
Maybe as a technical person who spends time in the security world, I can figure out who that should be, but isn't the average person going to find themselves in the same situation (trusting the browser/OS provider)?
Perhaps the better way to phrase this question is thus: How does this prevent 1/4th of the SSL Internet from going down when Comodo gets hacked?
The problem is that right now, in the common case, the browser/OS vendors can't black-list individual CAs. Their ability to do so with DigiNotar is exceptionally rare, and would not be possible most of the time.
Trust agility ensures that clients have the ability to make these trust decisions easily. A client does not necessarily have to be a user, it could still be the browser/OS vendors. For details on how Convergence works, in order to answer your question of how it prevents 1/4th of the SSL internet from going down when Comodo gets hacked, the best reference is (unfortunately) still the presentation: http://www.youtube.com/watch?v=Z7Wl2FW2TcA
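The notary model described in the comments above (pick the notaries you trust, have them vouch for the certificate a site presents, drop a notary the moment it is compromised) can be shown in a small simulation. This is an added example, not code from Convergence or from anyone in this thread; the notary names, host and certificate bytes are constructed, and the majority/consensus policies are a plausible client policy, not necessarily the one Convergence ships.

```python
from dataclasses import dataclass, field
from hashlib import sha256

def fingerprint(cert_der: bytes) -> str:
    # Notaries compare certificates by fingerprint (SHA-256 of the DER here).
    return sha256(cert_der).hexdigest()

@dataclass
class Notary:
    name: str
    observed: dict            # host -> fingerprint this notary has seen (constructed)

    def query(self, host: str):
        return self.observed.get(host)

@dataclass
class Client:
    notaries: dict            # name -> Notary
    trusted: set = field(default_factory=set)   # the client's own trust list

    def distrust(self, name: str) -> None:
        # Trust agility: removing one notary breaks no site, unlike pulling a CA.
        self.trusted.discard(name)

    def verify(self, host: str, cert_der: bytes, policy: str = "majority") -> bool:
        fp = fingerprint(cert_der)
        answers = [self.notaries[n].query(host) for n in self.trusted]
        answers = [a for a in answers if a is not None]
        if not answers:
            return False      # no trusted notary knows the host: fail closed
        agree = sum(1 for a in answers if a == fp)
        if policy == "consensus":
            return agree == len(answers)
        return 2 * agree > len(answers)

# Constructed sample data, not real certificates.
GOOD_CERT = b"constructed DER: example.test, genuine certificate"
ROGUE_CERT = b"constructed DER: example.test, mis-issued by a hacked CA"

def build_client() -> Client:
    seen = {"example.test": fingerprint(GOOD_CERT)}
    names = ("eff", "tor", "hackerspace")
    notaries = {n: Notary(n, dict(seen)) for n in names}
    return Client(notaries, trusted=set(names))

if __name__ == "__main__":
    c = build_client()
    print(c.verify("example.test", ROGUE_CERT))             # False, no notary saw it
    c.notaries["hackerspace"].observed["example.test"] = fingerprint(ROGUE_CERT)
    print(c.verify("example.test", GOOD_CERT, "consensus"))  # False, one dissenter
    c.distrust("hackerspace")                                # client-side decision
    print(c.verify("example.test", GOOD_CERT, "consensus"))  # True again
```

A mis-issued certificate is rejected because no trusted notary has observed it for that host, and a compromised notary is handled by editing the client's list rather than waiting on a browser vendor.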
The presentation cleared things up marvelously. It may be worth adding the presentation to the convergence.io details page, even if it was just a clip of the last few minutes where you talk about notaries. Once you went through that, everything cleared up.