Comment My question about Convergence (Score 1) 127
I really love the idea of Convergence on the face of it, but I had one serious question:
Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?
If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert /there/ since, if there are no other paths, all of the notaries would see the same cert, and pass it as "good". For instance, if you take the case of a large multi-hundred-million dollar website hosted in the middle of the ocean, with one pipe feeding that island, if the attacker places their fake cert and proxy at that link, then every notary in the US would agree to pass the false cert. Similarly, if, say, a major backbone carrier had a secret room, through which passed all their data, and in which sat the FBI, they could place a proxy and fake cert there, and all notaries would see that cert and pass it as real.
That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do /not/ like the idea of on its face).
Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?
If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert
That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do