Plug in
Tried the Firefox plug in using the default parameters, every one of the sites i tried it on returned an invalid certificate warning, however it is a beta so maybe its worth waiting to see if this changes significantly in the future.
San Francisco-based security firm Qualys is throwing its support behind an experimental project designed to improve the security and privacy of website authentication by reducing reliance on certificate authorities that issue secure sockets layer credentials. The Convergence project was devised by Moxie Marlinspike, a security …
...but can you not unpack the plugin XPI file and edit the em:maxVersion tag in install.rdf? Of course there may be a more fundamental reason why it doesn't work with FF7 but I would have thought it's worth a try. And naturally this is unlikely to fix the attachment upload problem.
There are bound to be problems with Convergence at the start, as elegant as the idea is it is still a massively ambitious undertaking to turn the net's trust model on its head. Personally I think there is a responsibility on those of us that recognise the problem to actively participate in the solution. That may be just using the plugin, feeding-back issues to the devs and possibly running a notary but every little helps.
This does cut rather to the heart of the problem with certificates: I *don't* trust the CA's - any of them. Why should I? They're faceless agencies who make money out of selling these certificates to companies, they have next to no responsibility or accountability to me. Plus they are, I'm guessing, full of humans. Humans can be corrupt and/or stupid.
There has been far too little cross-checking of reliability in the whole market for years and the idea outline here looks like a step in the right direction.
This post has been deleted by its author