Slashdot Mirror

← Back to Domains

Domain: convergence.io

Stories and comments across the archive that link to convergence.io.

Stories · 2

  1. SSL Certificate Authorities vs. Convergence, Perspectives

    It · Communications · · posted by timothy · from the with-moxie-marlinspike-as-guy-fawkes dept. · 127 comments
    alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."

  2. Moxie Marlinspike's Solution To the SSL CA Problem

    Tech · Security · · posted by timothy · from the disaggregate-someone-today dept. · 189 comments
    Trevelyan writes "In his Blackhat talk on the past and future of SSL (YouTube video) Moxie Marlinspike explains the problems of SSL today, and the history of how it came to be so. He then goes on to not only propose a solution, but he's implemented it as well: Convergence. It will let you turn off all those untrustable CAs in you browser and still safely use HTTPS. It even works with self-signed certificates. You still need to trust someone, but not forever like CAs. The system has 'Notaries,' which you can ask anonymously for their view on a certificate's authenticity. You can pool Notaries for a consensus, and add/remove them at any time."