Convergence - CA Killer.. . or Not
The other day I saw this presentation about Convergence, it is a system designed to avoid using your browser's built-in CA (certificate authorities) for authenticating SSL certificates. Marlin talks about how the system is broken and how Comodo fails etc etc. Then goes on about various systems like certificates in DNS (I had a similar idea), but apparently they are vulnerable to DNS attacks..
Of course, I hate commercial CAs, they have no place on the Internet and have done nothing good for anyone, ever. (maybe a bit strong, but still). And of course browser vendors have sold their trust (and souls (if applicable)) to any CA available while still making you freak out when you reach a self signed certificate.. So of course I tried out Convergence, I even set up a notary (of course). After a couple of hours testing I came up with some pros and cons:
Pros
- Remove CAs from the equation
Cons
- Some sites do not seem to work, even Google (Citibank site effect, but for people outside the U.S.A. (yes, they exist)
- Slow. I have to connect to as many notaries as I have configured and compare data retrieved for each.. . slow.
- Problems with LAN sites, or sites protected by IP etc etc (sites that cannot be accessed by notaries)
- If the certificate is compromised and (hence) changed, you could be subject to hijacking as your convergence plugin will not re-query the notaries (unless you un-check the "use cache" option.. extra slow)
- DNS attacks are still possible, because most people will be using the default notaries anyway.. Which if this happens is worse then the average MITM as this would compromise ALL SSL connections !
- Crashes Firefox (but that is easily fixable I am sure)
- The "view certificate" function shows me "Convergence Local CA" and not the actual certificate of the website I am viewing, one has to go somewhere in the options to verify this.. this sucks.
- This is useless if the MITM is happening between the server and the Internet, actually, if everyone was using Convergence MITM attacks on a server's IP would now be easier to do, no need to trick Comodo into selling you certificate for someone else's domain.
As you can guess I stopped using this plugin about a few hours later. I also lost that sense of security when visiting my websites (webmail and all those things) as I have my own CA and/or know my certificates hashes, with Convergence I am lost.
I like the motivation behind Convergence (and Perspectives) but it simply appears to be totally broken. I could be missing something and would be glad to hear about it. After testing convergence I think that SSL without CAs using DNS is still a better option.
I also believe that as far as DNS poisoning goes, I do not understand why everyone doesn't have a local resolver, even and especially on laptops on the go.