Convergence (SSL)
| Final release | 0.09 (client) / 2012-03-07 |
|---|---|
| Repository | |
| Written in | Python, JavaScript |
| License | GPLv3 |
| Website | Archived 3 August 2016 at the Wayback Machine |
Convergence was a proposed strategy for replacing
In the talk, Marlinspike proposed that all of the current problems with the certificate authority (CA) system could be reduced to a single missing property, which he called "trust agility" and which Convergence aimed to provide. The strategy claimed to be agile, secure, and distributed.[2][3]
As of 2013,
Development of Convergence was continued in a "Convergence Extra" fork until about 2014.[8]
Background
Convergence was based on previous work from the Perspectives Project at Carnegie Mellon University. Like Perspectives, Convergence authenticated connections by contacting external notaries, but unlike Perspectives, Convergence notaries could use a number of different strategies beyond network perspective in order to reach a verdict.
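A simplified model of the notary check described above, added here as an illustration and not taken from the Convergence code base. The class names, the quorum policy, the record-based strategy and the sample certificates are assumptions constructed for this example.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes the client or a notary received."""
    return hashlib.sha256(cert_der).hexdigest()

class PerspectiveNotary:
    """Network perspective: vouch only for the certificate this notary
    itself receives from the host, seen from its own network location."""
    def __init__(self, name, observed):
        self.name = name
        self.observed = observed  # host -> cert bytes (stand-in for a live fetch)

    def verdict(self, host, fp):
        cert = self.observed.get(host)
        return None if cert is None else fingerprint(cert) == fp

class RecordNotary:
    """Hypothetical non-perspective strategy: compare against fingerprints
    the notary operator recorded out of band."""
    def __init__(self, name, records):
        self.name = name
        self.records = records  # host -> set of known-good fingerprints

    def verdict(self, host, fp):
        known = self.records.get(host)
        return None if known is None else fp in known

def validate(host, cert_der, notaries, quorum):
    """Accept only if at least `quorum` notaries vouch for the fingerprint.
    Abstentions (None) never count as approval, so the check fails closed."""
    fp = fingerprint(cert_der)
    votes = {n.name: n.verdict(host, fp) for n in notaries}
    approvals = sum(1 for v in votes.values() if v is True)
    return approvals >= quorum, votes

# Constructed sample data, not real certificates.
GENUINE = b"constructed-genuine-certificate"
FORGED = b"constructed-forged-certificate"
HOST = "shop.example"

# The notary set is the user's choice and can be swapped at any time.
NOTARIES = [
    PerspectiveNotary("notary-a", {HOST: GENUINE}),
    PerspectiveNotary("notary-b", {HOST: GENUINE}),
    RecordNotary("notary-c", {HOST: {fingerprint(GENUINE)}}),
]

if __name__ == "__main__":
    print(validate(HOST, GENUINE, NOTARIES, quorum=2))  # certificate the notaries also see
    print(validate(HOST, FORGED, NOTARIES, quorum=2))   # certificate only the client was shown
```

A certificate that only the client's network path presents gets no approvals, and a single misled notary cannot reach the quorum on its own.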
Convergence in comparison to conventional SSL
The purpose of a
With Convergence, however, there was a level of
In September 2011, Qualys announced it would run two notary servers.[10] As of June 2016, these servers appeared to be down.[11] A list of notaries was maintained on the Convergence wiki.[12]
Alternatives
- The Monkeysphere Project tries to solve the same problem by using the PGP web of trust model to assess the authenticity of HTTPS certificates.[13]
- HTTP Public Key Pinning is a security mechanism which allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
- Certificate Transparency is an attempt to solve the problem by verifiable append-only public logs.
References
1. "SSL And The Future Of Authenticity". YouTube.
2. Schwartz, Mathew J. (2011-09-30). "New SSL Alternative: Support Grows For Convergence". InformationWeek. UBM. Archived from the original on 2011-10-01. Retrieved 2016-09-25.
3. Messmer, Ellen (2011-10-12). "The SSL certificate industry can and should be replaced". Network World. IDG. Archived from the original on 2014-03-01. Retrieved 2016-09-25.
4. Marlinspike, Moxie [@moxie] (February 18, 2013). "@deviantollam Unfortunately it's not possible to develop a convergence chrome extension. We've been focusing more on http://tack.io" (Tweet) – via Twitter.
5. "Trust Assertions for Certificate Keys". Archived from the original on 2018-09-04. Retrieved 2019-06-19.
6. Fisher, Dennis (2012-05-30). "Moxie Marlinspike on TACK, Convergence and Trust Agility". ThreatPost.
7. Marlinspike, Moxie (October 2012). "Trevor Perrin and I are actually making..." Hacker News (Forum). Retrieved 2016-09-24.
8. "mk-fg/convergence". August 27, 2020 – via GitHub.
9. Goodin, Dan. "Dutch CA banished for life from Chrome, Firefox". www.theregister.com.
10. "SSL Labs: Announcing launch of two Convergence notaries". Qualys Security Blog. September 29, 2011.
11. U.S. notary server: https://www.ssllabs.com/convergence/notary-us.convergence.qualys.com.notary
12. "moxie0/Convergence". GitHub.
13. S2CID 3746068. Retrieved 2019-12-20.
External links
- "Convergence". Archived from the original on 3 August 2016. Retrieved 13 October 2011.
- Convergence project page at GitHub