Robert

I still believe that convergence is a first step into the right direction. A small step technically, a big step regarding CA business models.
Let´s have one more look at the DigiNotar case. Some hacker penetrated their whole infrastructure and issued over 500 rogue certificates. DigiNotar did not disclose this “incident” and therefore those rogue certificates were fully trusted ones. The hacker seems to live in Iran and support the regime there. Maybe more kind of self-employed than being a paid “digital soldier”. Nevertheless, Iran on the one hand wants to control communication of the political opposition and on the other hand would love to strike back as a revenge for the SCADA attack against their atomic program. We are facing a period with a high amount of “rogue energy”.
SSL, DNSSEC and whatever else we currently do for Information security and privacy on the Internet is not designed to withstand this kind of attacks.
Trust relationships need to be based on “crowd intelligence” and they need to be agile also in a way that trust levels appropriate to the protected process can be defined.

Notaries for the Convergence system are not existing yet. The more participate, the better Convergence will be. The opposite to the CA system we have now: The more CAs the higher the risk.

There is exactly 1 CA where I know a little how they (and their Web-of-trust) operates. And that's CAcert. But they are not pre-installed in the browsers.

BTW: It is worth to look at http://www.youtube.com/watch?v=Z7Wl2FW2TcA and http://giovanni.bajo.it/2011/09/is-convergence-re… .

Frank

Of course – if the user is able to make a good decision. But who is? Is this a model for the average user? One should be skeptical.

It's a multi-trillion dollar hang over from the dot com boom when the CAs decided to engineer their own approach to X.509v3 without a corresponding link to the verified identity of the certificate issuers in the X.500 Directory, i.e. self signed roots or "zombie roots" stored in browsers. If the CA is "too big to fail" then there's yet another problem, which won't be resolved by removing them from a trusted list for browsers.

Not surprisingly, if one goes back and reads the actual documentation on X.509v3 the problem becomes clear. The certificate "subject" identity is established in the X.500 Directory, to support and verify the same subject attribute in the certificate issued by the CA. It would be pretty simple to determine that DigiNotar would not be authoritative for *.google.com, or in the case of the forged Comodo certificates earlier. Note there is a difference between a trusted certificate, falsely issued, or forged, and a stolen certificate.

The certificate is an independent security object, portable, but the identity for the issuance of that is in the Directory, which case it can be listed under the PKICA object.

If identity is verified in the Directory, and some funding for infrastructure is found similar to ICANN, then it's not too late. It still won't excuse sloppy security by a CA if they don't report a breach, especially when they see the OCSP requests, but it would be pretty simple to figure out who is responsible for *.google.com and query that CA to determine if the certificate is genuine. It's only part of the puzzle, but an important part that should be present. Right now the end user would is forced to look inside the certificate, and then add the OCSP server CRL endpoint to their browser configuration. I actually had Verisign refuse a certificate for ietf.org the other day.