Moxie Marlinspike is the creator of Convergence. I highly recommend watching his Blackhat 2011 talk (http://www.youtube.com/watch?v=Z7Wl2FW2TcA) covering authenticity on the web and Convergence.
The problems of certificate forgery and CAs that are too big to fail can be fixed by extending the current system to require certificates to be signed by multiple CAs who do not fall under the same jurisdiction or influences. I wrote about this idea yesterday:
Isn't a better long-term solution to simply have DNSSEC distribute your site's public key? The idea that I have to buy a domain name and an SSL certificate is silly. For extended validation, what should be verified is your public key, not your domain. So if the public key is also signed by a number of CAs, it is considered valid.
This thing is as old as DEFCON 2011 (see http://blog.thoughtcrime.org/ssl-and-the-future-of-authentic...) but in view of current events of certificate trustworthiness, there is quite a chance for anything that can successfully replace the approach of trusting CAs.
Please view this blog entry (from the core author of convergence.io) to also get an idea of why DNSSEC is not a good approach (he put it in a way that it's worse than CAs).
The ones with signatures that check out. That's the SEC part of DNSSEC. The root key(s) are published and you can verify authenticity all the way down.
New project. Get involved on GitHub. Write the Safari/Chrome version. Until browsers ship this with their main product, users will have to install plug-ins.
Won't writing a plugin for one of Safari, Chrome or Opera mean that it can be used with the other two browsers? I think they all use the same plugin standard.
I don't think so. Even though Safari and Chrome both use WebKit, Chrome has a very different security model and API. Opera might be completely different.
One of the main security risks is social engineering.
The only reason why my mum won't be tricked into adding a rogue CA root is because it's too complicated for her to do, even if she wanted to.
* If it was as easy as installing a fake Flash plugin Trojan, she'd have installed plenty of rogue CAs already;
* If it remains hard to do, she'll stick to the default config, which is what she does already.
So, the main change wrt the current PKI system is that by default, her browser would probably check a certificate's validity against a couple of top authorities, rather than a single one. I guess it would make getting a certificate a couple of times more complicated, hence a couple of times more expensive (if the process of trust propagation is fully automated, then I'm no safer than with a single CA signature).
To sum up, I don't see how this would improve the situation for average Joes and Janes. Since Paypal, Amazon, Google etc. primarily care about average Joes, I don't see why they would adopt that kind of cyberpunk technology.
Google cares that governments aren't man-in-the-middling their web browser when talking to their online services.
That's how the DigiNotar breach was publicly disclosed. The browser/CA CAB forum knew about it and had been hiding it for weeks until an actual Chrome user posted a message in the Gmail support forum: https://www.google.com/support/forum/p/gmail/thread?tid=2da6...
DigiNotar knew about and hid the attack. I don't believe there is any evidence that the CA/Browser Forum knew about the attack until it was made public.
Right. Well, the attacks (and emergency revocations) go back at least to March with Comodo. Vasco/DigiNotar had auditors and outside security consultants in June. Maybe not CAB Forum per se, but I'm not so sure I believe that no one was notified of anything. There are likely some serious contractual disclosure obligations there, perhaps even criminal WRT the Dutch government.
> If it remains hard to do, she'll stick to the default config, which is what she does already.
The problem with the CA system is that the default config is already unsafe, let alone robust, as evidenced by major browsers hastily releasing new versions to be able to revoke trust in a single CA. Jane McNewbie goes to sleep every night without a worry on her mind while the Comodos and DigiNotars of this world make mistake after mistake. Is that really so much better?
> So, the main change wrt the current PKI system is that by default, her browser would probably check a certificate's validity against a couple of top authorities, rather than a single one. I guess it would make getting a certificate a couple of times more complicated, hence a couple of times more expensive (if the process of trust propagation is fully automated, then I'm no safer than with a single CA signature).
You guess? Have you actually looked at Convergence?
I think the advantage of this is that websites aren't tied to a single CA, so you can drop a root certificate without breaking them all, regardless of who actually makes the decision.
In two words, 'trust agility' as they say on the website.
Stupid question on Convergence: If I could intercept ALL the traffic from your local network, couldn't I still perform a MITM attack by simulating both the destination host and the notary?
People that value their internet security and are disappointed by the current SSL trust system.
I'm sure it will have to see a lot of testing by interested power users first, before it is ready for prime time / default integration into browsers.
Nevertheless, I think it is a very interesting development as it is much more realistic than the current trust system. Trust is no longer something absolute, eternal, dealt out by somehow globally fully trusted entities.
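Added example, not part of the thread and not Convergence's own code: a simplified Python model of the multi-notary check and the "trust agility" discussed above. The notary names, keys, `HOST` and certificate bytes are constructed, and HMAC with pre-shared keys is an assumed stand-in for however a notary's reply is authenticated.

```python
import hashlib
import hmac

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

def _tag(key: bytes, host: str, fp: str) -> str:
    return hmac.new(key, f"{host}|{fp}".encode(), hashlib.sha256).hexdigest()

def notary_reply(key: bytes, host: str, seen_fp: str) -> dict:
    """Reply from one notary: the fingerprint it sees for host, plus an authenticator."""
    return {"host": host, "fp": seen_fp, "tag": _tag(key, host, seen_fp)}

def accept(host, presented_cert, replies, trusted_keys, threshold):
    """Accept only if at least `threshold` trusted notaries vouch for this exact cert."""
    fp = fingerprint(presented_cert)
    vouching = set()
    for name, reply in replies.items():
        key = trusted_keys.get(name)
        if key is None:
            continue  # notary is not (or no longer) in the user's trusted set
        if not hmac.compare_digest(_tag(key, reply["host"], reply["fp"]), reply["tag"]):
            continue  # reply was not produced by the holder of the notary key
        if reply["host"] == host and reply["fp"] == fp:
            vouching.add(name)
    return len(vouching) >= threshold

# Constructed sample data (assumptions for illustration only).
HOST = "example.org"
REAL_CERT = b"constructed: certificate the real site serves"
FORGED_CERT = b"constructed: certificate a local interceptor serves"
KEYS = {"notary-a": b"key-a", "notary-b": b"key-b", "notary-c": b"key-c"}

def scenarios() -> dict:
    honest = {n: notary_reply(k, HOST, fingerprint(REAL_CERT)) for n, k in KEYS.items()}
    # Replies fabricated on the local network without knowledge of the notary keys.
    faked = {n: notary_reply(b"not-the-key", HOST, fingerprint(FORGED_CERT)) for n in KEYS}
    # Trust agility: the user stops trusting one notary; the site needs no change.
    fewer = {n: k for n, k in KEYS.items() if n != "notary-c"}
    return {
        "real cert, honest notaries": accept(HOST, REAL_CERT, honest, KEYS, 2),
        "forged cert, honest notaries": accept(HOST, FORGED_CERT, honest, KEYS, 2),
        "forged cert, fabricated replies": accept(HOST, FORGED_CERT, faked, KEYS, 2),
        "real cert, one notary dropped": accept(HOST, REAL_CERT, honest, fewer, 2),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

The model only holds if the client obtained the notary keys over a channel the interceptor did not control; a client that learns them over the intercepted network has nothing to check the replies against.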