Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.
Convergence allows you to choose who you want to trust, rather than having someone else's decision forced on you. You can revise your trust decisions at any time, so that you're not locked in to trusting anyone for longer than you want.
Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it -- so the security, integrity, or accuracy of a notary does not affect those who haven't selected it.
Convergence can be configured to require trust consensus amongst multiple notaries, preventing any single notary from having the ability to compromise security.
Convergence is fully backward compatible with the existing deployment of certificates, and doesn't require website operators to change anything. Just install the Firefox add-on, select who you trust, and be done with Certificate Authorities forever. Everything will look exactly the same, and you'll never get a self-signed certificate warning again.
Convergence caches trust information locally, and has a mode to shield your IP address from notaries when communicating with them, so that you never leak your browsing history to anyone else.
Convergence trust notaries use network perspective to validate your communication by default, but can be extended to use whatever methods the notary operator would like. This might include DNSSEC, BGP data, "SSL observatory" results, or even CA validation.
Convergence is so lightweight you won't even know it's there.
Convergence is based on the ideas originally developed by the Perspectives Project at Carnegie Mellon University.
For more technical information on Convergence, see the video of the BlackHat talk where it was introduced here.
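The multi-notary consensus requirement and the local trust cache described above can be sketched as follows. This is an added example, not Convergence's own code: the policy names, function names and data shapes are assumptions, and the certificate bytes are constructed placeholders.

```python
import hashlib

# Constructed sample data: these bytes stand in for real DER certificates.
GOOD_CERT = b"constructed-cert-for-example.test"
MITM_CERT = b"constructed-cert-injected-on-local-path"

def fingerprint(der_bytes):
    """Hex SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(der_bytes).hexdigest()

def required_votes(policy, total):
    """Agreeing notaries needed under each (assumed) policy name."""
    if total == 0:
        raise ValueError("no notaries configured")
    if policy == "unanimous":
        return total
    if policy == "majority":
        return total // 2 + 1
    if policy == "any":
        return 1
    raise ValueError(f"unknown policy: {policy}")

def is_trusted(host, seen_fp, notary_views, policy="majority", cache=None):
    """Decide whether the certificate the client saw for host is trusted.

    notary_views maps a notary name to the set of fingerprints that notary
    observed from its own network vantage point, or None if unreachable.
    """
    cache = cache if cache is not None else {}
    if cache.get(host) == seen_fp:
        return True  # validated earlier; no notary is contacted for this visit
    # Fail closed: an unreachable notary never counts as agreement, and the
    # threshold is computed over every configured notary, not just responders.
    votes = sum(1 for view in notary_views.values()
                if view is not None and seen_fp in view)
    if votes >= required_votes(policy, len(notary_views)):
        cache[host] = seen_fp
        return True
    return False
```

With a single-notary ("any") policy, one notary that reports the wrong fingerprint is enough to get it accepted; requiring a majority or unanimity removes that single point of failure.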