New SSL Alternative: Support Grows for Convergence

Convergence, Moxie Marlinspike's crowdsourced approach to improving SSL security, wins fans. But Google's still not on board.

Mathew Schwartz

September 30, 2011

3 Min Read
Network Computing logo

An alternate approach to vetting SSL certificates is gaining steam. Notably, security firm Qualys said it will finance and support two notary servers for Convergence, a still-in-beta project developed by security researcher Moxie Marlinspike as a way to crowdsource certificate authenticity.

"Moxie advertises the project as a way of dispensing with certificate authorities ('An agile, distributed, and secure strategy for replacing Certificate Authorities')," said Ivan Ristic, director of engineering for Qualys, in a blog post.

"You get a browser add-on (only Firefox for the time being) that, once activated, completely replaces the existing CA infrastructure," he said. "Whenever you visit an SSL site your browser will talk to two or more remote parties (notaries) and ask them to check the site's certificate for you. If they both see the same certificate you decide to trust the site."

Convergence removes browsers from the "who should I trust?" equation. That's a crucial development, since if a CA issues bad certificates, the only current way to revoke them from browsers or applications is for developers to update their code, which is a slow, cumbersome approach. In addition, Convergence creates a backend--the notary servers--that handles trust decisions. "The approach is great in its simplicity: if you can see the same certificate from several different locations you conclude that it must be the correct certificate," Ristic said.

[Learn 7 crucial tips for surviving a zero-day attack from a CIO who lived through one.]

So far, the Convergence network is compromised of only about 50 notary servers. "Qualys running the notaries is a huge help and a step in the right direction," Marlinspike told the Register.

Convergence, based on ideas that were developed at Carnegie Mellon University, was released by Marlinspike--CTO of Whisper Systems and a fellow at the Institute For Disruptive Studies--at the Black Hat conference, a UBM TechWeb event, last month, so far only as a Firefox plug-in. He had already hinted at the idea in an April blog post, saying that the problem with SSL is that there are too many certificate authorities--about 650 different organizations have the authority to issue certificates--and at least "a few bad apples."

The effect that one bad apple could have on the entire SSL model became apparent after the hack of Dutch CA DigiNotar came to light in August. That exploit enabled the attacker or group of attackers known as Comodohacker to issue at least 531 fraudulent certificates, including certificates for Gmail, Tor, the CIA, and MI6.

Convergence isn't the only potential SSL alternative. Another possibility--which could be used with Convergence--is to sign domains using the DNSSecurity Extension, which enables a browser to ensure that the DNS infrastructure it's using is secure.

Google, however, hasn't endorsed Convergence, and said it has no plans to add it to Chrome. "Although the idea of trust agility is great, 99.99% of Chrome users would never change the default settings," said Google security analyst Adam Langley in a blog post, earlier this month.

"Given that essentially the whole population of Chrome users would use the default notary settings, those notaries will get a large amount of traffic. Also, we have a very strong interest for the notaries to function, otherwise Chrome stops working," he said. "Combined, that means that Google would end up running the notaries."

Furthermore, Convergence had yet to address how internal servers or captive portals--often seen used at Wi-Fi hotspots as a way to force someone to agree with terms of service or authenticate before they're granted access--would be secured. "These two problems, captive portals especially, are the bane of many an idea in this area," he said.

Still, when it comes to overhauling SSL, fruitful discussions are finally underway. "We mustn't rush," said Ristic. "We've just been given the ability to choose whom to trust, and it's too soon to settle on any one implementation. I am far more interested in experimenting with different approaches, to see what works and what does not."

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights