Convergence - CA Killer.. . or Not

The other day I saw this presentation about Convergence, it is a system designed to avoid using your browser's built-in CA (certificate authorities) for authenticating SSL certificates. Marlin talks about how the system is broken and how Comodo fails etc etc. Then goes on about various systems like certificates in DNS (I had a similar idea), but apparently they are vulnerable to DNS attacks..

Of course, I hate commercial CAs, they have no place on the Internet and have done nothing good for anyone, ever. (maybe a bit strong, but still). And of course browser vendors have sold their trust (and souls (if applicable)) to any CA available while still making you freak out when you reach a self signed certificate.. So of course I tried out Convergence, I even set up a notary (of course). After a couple of hours testing I came up with some pros and cons:

Pros

  • Remove CAs from the equation

Cons

  • Some sites do not seem to work, even Google (Citibank site effect, but for people outside the U.S.A. (yes, they exist)
  • Slow. I have to connect to as many notaries as I have configured and compare data retrieved for each.. . slow.
  • Problems with LAN sites, or sites protected by IP etc etc (sites that cannot be accessed by notaries)
  • If the certificate is compromised and (hence) changed, you could be subject to hijacking as your convergence plugin will not re-query the notaries (unless you un-check the "use cache" option.. extra slow)
  • DNS attacks are still possible, because most people will be using the default notaries anyway.. Which if this happens is worse then the average MITM as this would compromise ALL SSL connections !
  • Crashes Firefox (but that is easily fixable I am sure)
  • The "view certificate" function shows me "Convergence Local CA" and not the actual certificate of the website I am viewing, one has to go somewhere in the options to verify this.. this sucks.
  • This is useless if the MITM is happening between the server and the Internet, actually, if everyone was using Convergence MITM attacks on a server's IP would now be easier to do, no need to trick Comodo into selling you certificate for someone else's domain.

As you can guess I stopped using this plugin about a few hours later. I also lost that sense of security when visiting my websites (webmail and all those things) as I have my own CA and/or know my certificates hashes, with Convergence I am lost.

I like the motivation behind Convergence (and Perspectives) but it simply appears to be totally broken. I could be missing something and would be glad to hear about it. After testing convergence I think that SSL without CAs using DNS is still a better option.

I also believe that as far as DNS poisoning goes, I do not understand why everyone doesn't have a local resolver, even and especially on laptops on the go.

comments:
avatar

Nux

Nice, Manu! Pretty much my thoughts on the subjects as well.
I, too believe "SSL over DNS" is the best solution, Convergence just manages to complicate (and eventually break) everything.
All we need to do is just "fix" DNS. There is already work ongoing: DNSSEC, DNSCurve etc.
A practical step forward would indeed be running a local resolver on all machines (which I do anyway).
avatar

manu - http://manurevah.com

Hey Nux,

Yes it does seem to add about 50 extra layers.. I did sincerely like the idea at first, having peers confirm instead of stupid CAs.
avatar

Alexx Roche - http://www.alexx.net/

"Just because you can, does NOT meant that you should."
DNS is for domain resolution. If you are planning to use it for ANYTHING else then you have failed to understand the Internet. The Internet, like the UNIX world is designed so that one-thing-does-one-thing and nothing else.
What you seen to be concluding is:
"We should extend the domain resolution function and half the security redundancy to fix a fundamentally flawed HTTP-extension that was meant to create security."
Can you see the lack of internal consistency to that statement. If HTTPs is broken then it needs to be fixed or replaced. I have not looked into Moxie's idea, but as his brain's bogomips is more than double mine I expect he has come up with something worth more than just a cursory inspection.

I am certain that once each ISP runs their own convergence.notary the Internet will be a much better place.
avatar

manu

Alexx, a resolver resolves domain names, I sincerely don't see which part you don't get.

It's also interesting that you defend an idea for which you admit to not knowing of. As I previously mentioned, I may have missed something and welcome any constructive feedback.
avatar

lnxwalt - http://lnxwalt.wordpress.com/

Interesting article.

I've lately been reading about how broken SSL/TLS is, but also how broken DNS is. The impression I'm getting is that DNSSEC adds additional complexity without adding much more security to a flawed system. Still, I'm going to read your proposal next.

I never even downloaded Convergence. For one thing, it isn't just browsers that use SSL, so a browser plugin can't do as much good as I'd like. Mail clients, XMPP clients, even some server-to-server communication depends on SSL/TLS. It just seems to me that a PGP/GPG-like web of trust is the only thing that can eventually correct the flaws.
avatar

KFLee

Just install convergence-notary and read website of convergence.io. But there is no much document on how to set up a service to offer this kind of communal help each other idea. Is this idea is still alive and where can I found servers that offer the service?
Leave a comment
You may use the following HTML tags: <p> <a> <strong> <b> <em> <i> <cite> <blockquote> <code> <pre>

Your comments WILL NOT be submitted to any third party (not even for anti spam verification).