If you support Freedom of Information, please aid this movement by sending Bitcoins here:

Saturday, September 10, 2011

A Decentralized Solution to Certificate Authorities: Moxie Marlinspike's Convegence.io

By now, I hope most people understand that certificate authorities are not invulnerable to hacks, and putting full trust in any single source is just poor faith.  This point is only amplified when we invest full trust in multiple stand-alone authorities, such as the situation we have today. If any single one of our trusted authorities fails,then we the end users are left vulnerable. Moxie Marlinspike sums the whole situation up rather nicely in this video:


At the end of the video, Moxie announces Convergence.  Converge is a new FireFox add-on, that runs in the background, and verifies the CA's result through multiple physical channels.  This provides a decentralized perspective to aid in authentication confirmation.   Convergence was built on a white-paper entitled, Perspectives.  His solution at convergence.io also takes care of several information leaks that existed in the original Perspectives implementation.  I highly suggest user's instal this FireFox add-on!  It has several verification options which provides a huge amount trust agility, allowing user's to set their level of paranoia.  It still has some problems, but Moxie is also accepting code reviews and donations.  The point is: We need more technologies like Convergence, which harness the decentralized strength of the Internet, and protect all individual users!

No comments:

Post a Comment