Fixing A Broken CA System – Perspectives And Convergence

ImageCertificate Authorities (CAs) hand out digital signatures that websites can use to do two things. They can provide encryption and verification – the connection between you and the server is encrypted and the Certificate Authority has verified that the website is ‘legitimate.’ Encrypting the connection attempts to stop Man In The Middle Attacks (MITM.)

Man In The Middle

A Man In The Middle attack is when an attack gets between you and the server and reads or interferes with the data. This means that the attacker can read passwords sent to a website, read an email, read anything. They can also redirect you to an exploit page or change the information in other ways.

If the information is encrypted, as it is with SSL, then MITM attacks are more difficult (more on cracking and bypassing SSL in another post.)

Why The CA System Is Broken

If the entire web were encrypted and verification were a perfect process and CAs couldn’t be hacked or tricked it would all work beautifully. Obviously all of this is impossible, so the system has to change.

Comodo and VeriSign make up the vast majority of certificates used for websites. Between the two of them they hold the majority of the CA market share but neither one has a pristine record for security. Comodo was hacked by someone who is most likely a novice hacker and VeriSign has accidentally issued certificates to malware in the past. They aren’t the only ones to have been hacked, DigiNotar brought a lot of press to the situation when they were hacked and for all we know this has happen without users finding out.

There’s also the problem of trust – we can’t really trust every single CA. Some CAs have handed out certs that allow MITM attacks for companies/ government to spy on users.

Servers can sign their own certs but then a user has no way of knowing if the cert is legitimate (hackers can provide one) and browsers will give tons of warnings about it.

The Solution

Convergence essentially works by checking the certificate against notaries. These various notaries all have information on the certificate and if the information doesn’t match you can assume that there’s something wrong. Instead of verification happening on the CA level it’s handled by many different independent notaries.

Users have full control over which notaries they use. Whereas on WordPress I’m forced to take Godaddy.com’s word on this website being legitimate with Convergence I could choose any notary I like.

CAs could act as notaries as well but the current system has the two segregated. This may not always be the case.

If you’re looking to installĀ ConvergenceĀ it’s Firefox only and Google (Microsoft, Apple) has not shown interest in supporting it.

One thought on “Fixing A Broken CA System – Perspectives And Convergence

  1. You had both “Perspectives” and “Convergence” in the title. It might be worth mentioning that Perspectives is an older project and Convergence does somewhat similar things but is a younger project.

    I’d personally love to use Convergence but Perspectives has worked better in practice this far. Convergence notaries are way too often unavailable — possible due to too high load or network issues.

Leave a Reply

Your email address will not be published. Required fields are marked *