Trust issues (and the web), 03 - Convergence

In a previous post I promised that I would check out some of the solutions that promise a safer and thus better web.

This is part two, Convergence.

How does it work?

Convergence replaces the certificate authorities (CA) used traditionally in SSL by an independent distributed authorities, called notaries.

It totally ignores the CA that issued a sites certificate and instead checks the certificate over all activated notaries. These can be added, removed or disabled on personal preference; so you don't have to trust a bunch of faceless corporations which are each a SPOF in the whole concept(!), but can instead trust a number of notaries working together.

This can be one of your own servers in your LAN (providing no MITM security towards the internet), another one of your servers reachable over the internet, and the server of people or organizations you may or may not trust all over the world.

Than you can decide if it is enough for you if only one notary validates the requested certificate - bad idea, perhaps even a little worse than the CA system. However, the default is to gain a majority validation. This means every active notary will be checked and if most of them (to be exact, the simple majority) validate, convergence accepts the certificate. The last option is to only accept absolute concensus of all notaries, what makes authentication fail if one notary either gets the wrong certificate or is not reachable.

Upsides

  • totally bypasses the CA system with all its issues
  • makes self-signed certificates fun!
  • totally user-configurable
  • usually fast

Downsides

  • addon needed (could change if browser vendors adopt the concept)
  • first-time-configuration needed (add notaries - could change if browser and os vendors included a basic few)
  • can cause slight delays if one of the notaries is slow

Conclusion

I think convergence is a great idea.

The concept is well-thought, the implementation is solid and a pleasure to use. Even usually painful self-signed certificates work like a charm because convergence doesn't care about CA's. You are always in control, which of course means you have to make sure you have a number of notaries that can be trusted.

Of course everything is open source and so far the addon as well as the notary-server are constantly under (very active) development. It is easy and reasonable to run your own notary, for yourself or for others. It is largely written in python, and light on (very reasonable) dependencies, so if you feel like participating, I don't see any reason why not.

Long story short: great concept, great implementation: get it!