SSL Certificate Authorities vs. Convergence, Perspectives
alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."
Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. With massive botnets and the like there is simply no way to rely on any number of "individuals" to issue correct information. The only way around this is to have some central authority say "your opinion matters and yours doesn't." Voila, you have the present system.
For unimportant things or things so unimportant the difficulty makes the problem not worthwhile, a distributed reputation system works. Someone above mentioned Ebay. This system works because the rating of individual sellers, while important to them, isn't terribly important to all that many people, and the system is rather difficult for an individual to game. But for a distributed SSL certificate network, not only is the incentive there, but the people involved are massive and extremely technologically sophisticated.
Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/ whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.
And you won't get your average Internet browser to change. People conducting MITM attacks generally aren't concerned with people who are really security conscious. If they actually are conducting targeted attacks against you, then you should have much better security in place. Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton