Convergence_(SSL)
Convergence (SSL)
Proposed strategy for replacing SSL certificate authorities
Convergence was a proposed strategy for replacing SSL certificate authorities, first put forth by Moxie Marlinspike in August 2011 while giving a talk titled "SSL and the Future of Authenticity" at the Black Hat security conference.[1] It was demonstrated with a Firefox addon and a server-side notary daemon.
In the talk, Marlinspike proposed that all of the current problems with the certificate authority (CA) system could be reduced to a single missing property, which he called "trust agility" and which Convergence aimed to provide. The strategy claimed to be agile, secure, and distributed.[2][3]
As of 2013,[4] Marlinspike is focused on an IETF proposal called TACK,[5] which is designed to be an uncontroversial first step that advocates for dynamic certificate pinning instead of full CA replacement and reduces the number of times a third party needs to be trusted.[6][7]
Development of Convergence was continued in a "Convergence Extra" fork until about 2014.[8][third-party source needed]