7083Re: [decentralization] decentralized certificate authority
- Aug 5, 2011Which kinds of certs does it work with? Have you considered use cases other than HTTPS?
Sent from my iPhone
On Aug 5, 2011, at 8:31, Lucas Gonze <lucas@...> wrote:
Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.
Convergence allows you to choose who you want to trust, rather than having someone else's decision forced on you. You can revise your trust decisions at any time, so that you're not locked in to trusting anyone for longer than you want.
Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it -- so the security, integrity, or accuracy of a notary does not effect those who haven't selected it.
Convergence can be configured to require trust consensus amongst multiple notaries, preventing any single notary from having the ability to compromise security.
Convergence is fully backward compatible with the existing deployment of certificates, and doesn't require website operators to change anything. Just install the Firefox add-on, select who you trust, and be done with Certificate Authorities forever. Everything will look exactly the same, and you'll never get a self-signed certificate warning again.
Convergence caches trust information locally, and has a mode to shield your IP address from notaries when communicating with them, so that you never leak your browsing history to anyone else.
- << Previous post in topic Next post in topic >>