Convergence SSL trusts

With the March Comodo compromise, the RSA pwnage, and Netherlands CA DigiNotar filing for bankruptcy after their hacking last month, the Certificate Authority hiearchy (and resulting multi-million dollar business) has been taking a lot of punches in the press.

Steve Gibson, in his Security Now podcast “CA Trust – Time to Change It?“, provides a good summary of events and a look at a possible alternative – Convergence. (Caregie-Mellon is also developing a version, Perspectives.)

He argues that “the problem of trust on the Internet is arguably an intractable problem” with no good solution.

[with the DigiNotar incident] we’ve just seen a beautiful example of the way the Certificate Authority hierarchy fails us, and that is, our browsers trust, unfortunately, a distressingly large array of Certificate Authorities, each of whom has the ability to sign any certificate for any server on the Internet. And because we have to trust in the perfect performance of every one of those Certificate Authorities, if any one of them screws up, then we’re vulnerable to a certificate that they have signed which we inherently trust. So a lot of bright people have said, okay, this is getting kind of creaky because now the number of Certificate Authorities is up to 600, and we’re beginning to see cracks in this infrastructure.

That’s a lot of organizations to trust, especially with recent compromises and their documented negligence. After all, “With SSL, who can you really trust?

Well-known security researcher Moxie Marlinspike also provides a good summary on his blog at