He didn't explain how the connections to the notaries are secured... this would have been very interesting and this is probably the weak point of Convergence. Are the notaries secured by a CA signature? How do I know which notaries I should trust? And how do I get their public keys in a secure way? Is the list of default notaries really secure?
DanielMarschall 20 hours ago
The whole concept of "perspectives" is great! The problem is not that there are no ideas about securing the internet, but the businesses are the ones who make this difficult for their own advantage. User is initiating the trust with authorities that they trust, this means that they can change their mind making companies care about improving security.
nadvincula 1 week ago
The addon is not signed by FF; it's not available from the FF repo; the convergence.io site doesn't have a cert, not even self-signed; there is no md5 sum for the addon ... how do I download his FF addon securely??
funkuser 2 months ago 2
Is there something that stops (for example) my access-provider to simply MITM all the connections to the notaries + the website?
It seems the authenticity of the notaries also needs to be verified, but how?
Clayne151 2 months ago
@Clayne151 I would imagine, given the limited number of notaries at the moment, that convergence bootstraps with inbuilt certificates for those notaries.
DomDeVitto 1 month ago
This seems like it might be a good intermediate step before it becomes completely distributed, as for example Namecoin. This is basically a distributed DNS server with certificates included. In order to circumvent this system you have to have the majority of computing power. I think this is the future. If not Namecoin exactly then some variant of it. But before we are ready for this Convergence definitely seems like an improvement.
malkdk 2 months ago
greatest intro ever. haven't even gotten to the actual talk.
malkdk 2 months ago
pure revelation! EFF is also on the whole SSL alternative! google it
ppetrovdotnet 2 months ago
This should be required for anyone who has ever installed an SSL cert.
BryceVB 3 months ago
Great talk Moxie. Thanks for writing the Convergence system and taking the time to educate so many people.
thisismyuseraccount 3 months ago
People were so stupid...
RidzRSBuddy 4 months ago
This presentation had me rolling on the floor laughing out loud, convergence is now my new - De facto Certificate Caching Authority. Together with my own Root CA which I have pre-loaded as my own Software Security Device. It's not just VeriSign that can create trusted 2048-bit Certificates, anyone can... Sadly not on Windows 5.1 though!
TheSnowshell 4 months ago
What if the MITM is on the same network as the website you're trying to verify?
robzyboy 4 months ago 5
@robzyboy Um, if you're saying "What if all the notaries see a bad certificate?", yes, that's bad. But that's not far from the site being compromised, or at least entirely 'masked' by an attacker. A notary that checked against the CA system would solve that case, and give you a smart hybrid, as in the last few slides. 'Easy'.
DomDeVitto 1 month ago
This stuff is why I love Moxie.
KaldekBoch 5 months ago
and 20:00 is even MORE INSANE
justincgs 5 months ago
19:22 blows me away
justincgs 5 months ago
I thought the whole issue here is SSL is broken, how does using SSL to notary bounce fix leaking info and scaling?
Convergence certainly complicates mitm, but someone trying to intercept your communication just needs to intercept two lines of communications; your notary running ssl, and the website.
jedix007 5 months ago
@jedix007 That's why you can select (and I do) multiple notaries and can select whether you want majority or all agreement between them. The poisoned notary will become evident quickly.
As with the rest of the protocol, use TLS instead. But cryptographically, TLS and SSLv3 are pretty good, it's the CAs that have been a problem for a long time.
vxbinaca 5 months ago
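The majority-versus-all agreement setting described in the comment above, as an added example; it is not code from the talk, the commenters or the Convergence project. The function and notary names, the SHA-256 fingerprint and the fail-closed handling of unreachable notaries are assumptions of this sketch, and the certificate bytes are constructed.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes (hash choice is this example's)."""
    return hashlib.sha256(cert_der).hexdigest()


def check_agreement(client_fp, notary_views, policy="majority"):
    """Compare the fingerprint the client saw with each notary's view.

    notary_views maps a notary name to the fingerprint it reported, or
    None if it could not be reached. Unreachable notaries never count as
    agreement, so the check fails closed.
    Returns (accepted, dissenting, unreachable).
    """
    if policy not in ("majority", "all"):
        raise ValueError("policy must be 'majority' or 'all'")
    agreeing = sorted(n for n, fp in notary_views.items() if fp == client_fp)
    unreachable = sorted(n for n, fp in notary_views.items() if fp is None)
    dissenting = sorted(n for n, fp in notary_views.items()
                        if fp is not None and fp != client_fp)
    total = len(notary_views)
    if policy == "all":
        accepted = total > 0 and len(agreeing) == total
    else:
        accepted = 2 * len(agreeing) > total
    return accepted, dissenting, unreachable


# Constructed sample data: stand-ins for real DER-encoded certificates.
REAL = fingerprint(b"constructed-site-certificate")
FORGED = fingerprint(b"constructed-attacker-certificate")


def scenarios():
    """Run the cases raised in the thread and return each verdict."""
    healthy = {"notary-a": REAL, "notary-b": REAL, "notary-c": REAL}
    one_poisoned = {"notary-a": REAL, "notary-b": FORGED, "notary-c": REAL}
    one_down = {"notary-a": REAL, "notary-b": None, "notary-c": REAL}
    return {
        "healthy/all": check_agreement(REAL, healthy, "all"),
        "poisoned/majority": check_agreement(REAL, one_poisoned, "majority"),
        "poisoned/all": check_agreement(REAL, one_poisoned, "all"),
        # Client is shown a forged certificate; the notaries see the real one.
        "local-mitm/majority": check_agreement(FORGED, healthy, "majority"),
        "down/majority": check_agreement(REAL, one_down, "majority"),
        "down/all": check_agreement(REAL, one_down, "all"),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(name, verdict)
```

The dissenting list is what makes a single misreporting notary visible, while the "all" policy trades availability for strictness: one unreachable notary is enough to reject.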
Is there any chance to have powerpoint presentation?
dpicollege 5 months ago
Convergence sounds like a great idea. But unless we can get it in MSIE (not just the minor browsers), and get it set as the default (not just some niche extension for a minor browser), the majority of the world's users will be stuck with our current awful system, where users are told who to trust based on a hierarchy of paid certs. The only thing our current system proves is that someone gets paid for shuttling SSL certs.
jcyph3r 5 months ago
@jcyph3r Uh, MSIE is a minor browser. FF and Chrome are the 'major' browsers.
vxbinaca 5 months ago
This is the best talk I've seen in a while!
frikadunse 5 months ago
TERRIFIC!
acasas1981 5 months ago
Please people, listen to this genius !
jeroeniskoning 6 months ago 12
Protip - move away from the mic when you take a drink.
needmorename 6 months ago
Don't know much about security but this guy was great at explaining the current problems with CAs in an easily understandable way (for people not in that field). The part about convergence was a bit short but I will look it up.
Deratrius 6 months ago
This is indeed the problem with CAs that are "imposed" on us from above. RAs can check the integrity of the users and issue certificates if approved. A rogue RA can be disempowered by the CA.
However in the case of site certificates the CAs are inadequately accountable. Moxie's Convergence restores some of the "power to the people" and by enabling multiple trust paths removes the monopoly held by CAs - indeed TRUST AGILITY.
This would also bring a DEMOCRATIC INTERNET one step closer.
nhuymi 6 months ago
It's like shopping in real life. You can go to the mall or to the Chinese market. You have all the options. You can take your chances with your credit card in the latter. Or like locks. The kind of lock in your house depends on the kind of neighborhood you live in. And if you go to the bank they have this super-wambo-awesome lock to protect your assets (Maybe not, but that's what we prefer to think).
friedrichgonzalez 6 months ago
The solution, as it is, will complicate ssl-network debugging. It will add new players in the ssl party. It's not clear that the convergence solution will solve all authentication problems. I think maybe it's about time to disrupt some sites in order to get better security. Maybe we should have like a secured Internet and the regular Internet. Those who need better protocols should adapt.
friedrichgonzalez 6 months ago
He nailed the problem. The Internet has trust issues. His solution is somewhat OK. It needs to pass several audits to be ready for production. For example: I think availability and performance must be part of a security protocol. Problem: What if the notary is not available? What if the notary is slow? How do you get new notaries? How do you treat cache inconsistency in a secure way? How do you change a certificate for a server without disrupting service? When do you expire certificates?
friedrichgonzalez 6 months ago
@lbarrettanderson The Internet was based on (and continues to spawn) incentives other than financial. Some people just get a kick out of running services and solving problems they see in current systems (back in the day, such people were called hackers).
darkuncledotnet 6 months ago
great talk and a great idea
wylde780 6 months ago
stuff on Comodo. to start. #fb plus more
ReneODeay 6 months ago
stuff on Comodo. to start. #fb
ReneODeay 6 months ago
The only problem I see no obvious solution for is certificate revocation. What to do if your security is broken and your private key stolen...
666Tomato666 6 months ago
@666Tomato666 Generate new private key, sign new certificate, install on web server. De facto cert revocation. By opting out of the CA system it no longer matters who signed a certificate: Convergence just verifies that your SSL connection is talking to the web server you think it is (hence why self signed certificates are 100% valid).
somniosus 6 months ago 2
Where do the notaries get their money? What's the incentive for anyone to become one?
lbarrettanderson 6 months ago
@lbarrettanderson I think the lack of incentive is a good thing. Perhaps the open source community will provide a few notaries (like the EFF already does), and I imagine each major browser developer would run a notary for the sake of their users. Necessity is really the only incentive, and IMO that's a good thing. It makes the notaries less likely to collude with each other, which was the only hole in Convergence.
foobazabar 6 months ago
@lbarrettanderson Well, I don't see why people wouldn't do something similar as with PGP. Some people would just run their own notaries on leased servers, you just use friend's notaries, your employer notary or your school notary and your own. If the system would become distributed the load wouldn't be any greater than posting your photo library on the 'net.
666Tomato666 6 months ago
@666Tomato666 There are some serious problems with using the organizations you described as notaries--they wouldn't help very much. If the notary is close to you, there's a much better chance that the MITM is going to be able to fool the notary as well. This brings up another question... what if the MITM is on the same network as the website you're trying to verify? Everyone would get the same certificate. This isn't a problem with the current system (except for the trust issues the video shows)
lbarrettanderson 6 months ago
@lbarrettanderson That's why you also use DNSSEC notaries and why there is a place for CAs that sell only EV certificates and provide Notary service. OpenPGP could also be leveraged to authenticate certificates: you use a self-signed cert, sign it using your PGP key and publish on the network. Overall, this scheme is very good: doesn't force you to trust anyone in particular and allows you to use completely different certificate providers.
666Tomato666 6 months ago
but wait, he was wearing white hat :D
ORENoctis 6 months ago
+1 excellent presentation
dacbarbos 6 months ago 2
cool ! :)
Cliffsull 6 months ago
hak5 <3
SandyStarchild 6 months ago 3