Qualys endorses alternative to crappy SSL system

San Francisco-based security firm Qualys is throwing its support behind an experimental project designed to improve the security and privacy of website authentication by reducing reliance on certificate authorities that issue secure sockets layer credentials. The Convergence project was devised by Moxie Marlinspike, a security …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Plug in

    Tried the Firefox plug-in using the default parameters. Every one of the sites I tried it on returned an invalid certificate warning; however, it is a beta, so maybe it's worth waiting to see if this changes significantly in the future.

  2. Mystic Megabyte
    Linux

    Problemo

    Convergence won't run on FF 7.0

    On FF 6.x it prevents Gmail attachment uploads. They just hang with a Gmail "Still working" message.

    1. Ian McNee
      Boffin

      Forgive me if I'm teaching granny to suck eggs...

      ...but can you not unpack the plugin XPI file and edit the em:maxVersion tag in install.rdf? Of course there may be a more fundamental reason why it doesn't work with FF7 but I would have thought it's worth a try. And naturally this is unlikely to fix the attachment upload problem.

      There are bound to be problems with Convergence at the start; as elegant as the idea is, it is still a massively ambitious undertaking to turn the net's trust model on its head. Personally I think there is a responsibility on those of us that recognise the problem to actively participate in the solution. That may be just using the plugin, feeding back issues to the devs and possibly running a notary, but every little helps.

    2. OpenIndiana

      FF7

      Which OS?

      FF7+Convergence work fine on OpenIndiana.

  3. Anonymous Coward
    Thumb Up

    Trust

    This does cut rather to the heart of the problem with certificates: I *don't* trust the CAs - any of them. Why should I? They're faceless agencies who make money out of selling these certificates to companies; they have next to no responsibility or accountability to me. Plus they are, I'm guessing, full of humans. Humans can be corrupt and/or stupid.

    There has been far too little cross-checking of reliability in the whole market for years, and the idea outlined here looks like a step in the right direction.

  4. This post has been deleted by its author

  5. Anonymous Coward
    Anonymous Coward

    perspectives...

    From the website: "Convergence is based on the ideas originally developed by the Perspectives Project at Carnegie Mellon University."

    Does this mean that Perspectives is dead? Are the 2 systems compatible?

    http://perspectives-project.org/

  6. Anonymous Coward
    Facepalm

    OT

    Installed FF7 the other day and found it still had DigiNotar as a CA...

  7. Anonymous Coward
    Anonymous Coward

    ...but...

    ...are the DigiNotar certificates configured to authenticate anything?
