
Re: [decentralization] decentralized certificate authority

  • Johannes Ernst
    Message 1 of 4, Aug 5, 2011
      Which kinds of certs does it work with? Have you considered use cases other than HTTPS?

      Sent from my iPhone

      On Aug 5, 2011, at 8:31, Lucas Gonze <lucas@...> wrote:

       

      http://convergence.io/details.html


      • Secure

        Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.

      • Trust Agility

        Convergence allows you to choose who you want to trust, rather than having someone else's decision forced on you. You can revise your trust decisions at any time, so that you're not locked in to trusting anyone for longer than you want.

      • Distributed

        Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it -- so the security, integrity, or accuracy of a notary does not affect those who haven't selected it.

      • Robust

        Convergence can be configured to require trust consensus amongst multiple notaries, preventing any single notary from having the ability to compromise security.

      • Simple

        Convergence is fully backward compatible with the existing deployment of certificates, and doesn't require website operators to change anything. Just install the Firefox add-on, select who you trust, and be done with Certificate Authorities forever. Everything will look exactly the same, and you'll never get a self-signed certificate warning again.

      • Anonymous

        Convergence caches trust information locally, and has a mode to shield your IP address from notaries when communicating with them, so that you never leak your browsing history to anyone else.

    • Lucas Gonze
      Message 2 of 4, Aug 5, 2011
        I haven't read far enough to know - that's somebody else's project, not my own.

        One reaction I have is that it's high time to acknowledge that the value of certificate authorities is a fiction. Self-signed certificates are all you ever need. Or am I wrong? Are you aware of any value added by the canonical root certificate authority?

        The other thought is that this particular approach is the same in spirit as Pet Names.

        On Fri, Aug 5, 2011 at 9:02 AM, Johannes Ernst <jernst@...> wrote:


        Which kinds of certs does it work with? Have you considered use cases other than HTTPS?

      • Olle E. Johansson
        Message 3 of 4, Aug 8, 2011
          On 5 Aug 2011, at 20:19, Lucas Gonze wrote:

          > I haven't read far enough to know - that's somebody else's project, not my own.
          >
          >
          > One reaction I have is that it's high time to acknowledge that the value of certificate authorities is a fiction. Self-signed certificates are all you ever need. Or am I wrong? Are you aware of any value added by the canonical root certificate authority?

          The IETF is looking into using DNSSEC as a secure root for your own self-signed certs. That's a valid way forward.

          http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/

          /O
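
The quorum rule ("Robust") and the local cache ("Anonymous") from the Convergence summary quoted at the top of this thread, sketched as an added example. It is not part of any message here and is not Convergence's own code or wire protocol; `check_certificate`, the notary callables and the sample certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def check_certificate(host, cert_der, notaries, quorum, cache):
    """Decide whether to accept cert_der for host.

    notaries: dict name -> callable(host) returning the fingerprint that
              notary sees from its own network position, or None on failure.
    quorum:   how many notaries must report the fingerprint the client sees.
    cache:    dict host -> set of fingerprints already accepted locally.
    Returns (accepted, reason).
    """
    seen = fingerprint(cert_der)
    if seen in cache.get(host, set()):
        return True, "cached"  # no notary is contacted, so none learns of the visit
    if quorum > len(notaries):
        return False, "quorum larger than notary set"
    agree, disagree, silent = [], [], []
    for name, ask in notaries.items():
        try:
            view = ask(host)
        except Exception:
            view = None  # an unreachable notary never counts as agreement
        if view is None:
            silent.append(name)
        elif view == seen:
            agree.append(name)
        else:
            disagree.append(name)
    if len(agree) >= quorum:
        cache.setdefault(host, set()).add(seen)
        return True, f"{len(agree)}/{len(notaries)} notaries agree"
    return False, f"only {len(agree)} agree; disagree={disagree}, silent={silent}"

# Constructed sample data: stand-ins for DER bytes, not real certificates.
SERVER_CERT = b"constructed-self-signed-server-cert"
INTERCEPT_CERT = b"constructed-cert-seen-only-on-client-path"
NOTARIES = {
    "notary-a": lambda host: fingerprint(SERVER_CERT),
    "notary-b": lambda host: fingerprint(SERVER_CERT),
    "notary-c": lambda host: None,  # offline
}

if __name__ == "__main__":
    cache = {}
    print(check_certificate("example.org", SERVER_CERT, NOTARIES, 2, cache))
    print(check_certificate("example.org", INTERCEPT_CERT, NOTARIES, 2, cache))
```

A certificate that only the client sees, while the notaries see a different one from their vantage points, fails the quorum even though it may be perfectly well-formed; a self-signed certificate that every notary also sees passes.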