Convergence (SSL)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Stable release 0.09 (client)
Written in Python, JavaScript
Operating system Windows, OS X, GNU/Linux
Available in English
Type Web browsing
License GNU General Public License v3

Convergence is a strategy for replacing SSL Certificate Authorities. The strategy claims to be agile, secure, and distributed.[1][2][3] Moxie Marlinspike released it in August 2011 while giving a talk titled "SSL and the Future of Authenticity" on stage at the Black Hat security conference.[4] It is currently a Firefox addon and a server-side notary daemon.

In the talk, Moxie Marlinspike proposes that all of the current problems with the CA system can be reduced to a single missing property, called "Trust Agility", which Convergence is designed to provide.

As of 2013,[5] Marlinspike is focused on TACK, which is designed to be an uncontroversial first step, reducing the number of times a third party needs to be trusted.[6][7]

Development of Convergence is continuing in a "Convergence Extra" fork.[8][9]


Convergence is based on previous work from the Perspectives Project at Carnegie Mellon University. Like Perspectives, Convergence authenticates connections by contacting external notaries, but unlike Perspectives, Convergence notaries can use a number of different strategies beyond network perspective in order to reach a verdict.

Convergence in comparison to conventional SSL[edit]

The purpose of a Certificate Authority in the conventional SSL system is to vouch for the identity of a site, by checking its SSL certificate. Without some vouchsafing, one opens up to a man-in-the-middle attack. A single site is vouched for by only a single Certificate Authority (CA), and this CA has to be trusted by the user. Web browsers typically include a list of default trusted certificate authorities, and display a warning about an "untrusted connection" when a site cannot be vouchsafed by a trusted CA. A problem with this system is that if a user (or browser vendor) loses trust in a CA, removing the CA from the browser's list of trusted authorities means losing trust in all the sites that used that CA. This happened when major browsers lost trust in the DigiNotar CA[10] and sites registered with this CA had to get new certificate authorities (see Certificate_Authority#CA compromise for more examples of trust breaches).

With Convergence, however, there is a level of redundancy, and no single point of failure. Several notaries can vouch for a single site. A user can choose to trust several notaries, most of which will vouch for the same sites. If the notaries disagree on whether a site's identity is correct, the user can choose to go with the majority vote, or err on the side of caution and demand that all notaries agree, or be content with a single notary (the voting method is controlled with a setting in the browser addon). If a user chooses to distrust a certain notary, a non-malicious site can still be trusted as long as the remaining trusted notaries trust it; thus there is no longer a single point of failure.

In September 2011, Qualys announced it would run two notary servers.[11] A list of notaries is maintained on the Convergence wiki.[12]


  • The Monkeysphere Project tries to solve the same problem by using the PGP web of trust model to assess the authenticity of https certificates.[13]
  • Namecoin removes the need for any form of trust in a third party through using a blockchain data structure.


External links[edit]