Convergence (SSL)

Convergence
Final release: 0.09 (client) / 2012-03-07
Written in: Python, JavaScript
Operating system: Windows, OS X, Linux
Available in: English
Type: Web browsing
License: GPLv3
Website: archived 3 August 2016 at the Wayback Machine

Convergence was a proposed strategy for replacing SSL certificate authorities, first put forth by Moxie Marlinspike in August 2011 while giving a talk titled "SSL and the Future of Authenticity" at the Black Hat security conference.[1] It was demonstrated with a Firefox add-on and a server-side notary daemon.

In the talk, Marlinspike proposed that all of the current problems with the certificate authority (CA) system could be reduced to a single missing property, which he called "trust agility" and which Convergence aimed to provide. The strategy claimed to be agile, secure, and distributed.[2][3]

As of 2013,[4] Marlinspike was focused on an IETF proposal called TACK,[5] designed as an uncontroversial first step: it advocates dynamic certificate pinning instead of full CA replacement and reduces the number of times a third party needs to be trusted.[6][7]

Development of Convergence was continued in a "Convergence Extra" fork until about 2014.[8]

  1. "SSL And The Future Of Authenticity". YouTube.
  2. Schwartz, Mathew J. (2011-09-30). "New SSL Alternative: Support Grows For Convergence". InformationWeek. UBM. Archived from the original on 2011-10-01. Retrieved 2016-09-25.
  3. Messmer, Ellen (2011-10-12). "The SSL certificate industry can and should be replaced". Network World. IDG. Archived from the original on 2014-03-01. Retrieved 2016-09-25.
  4. Marlinspike, Moxie [@moxie] (2013-02-18). "@deviantollam Unfortunately it's not possible to develop a convergence chrome extension. We've been focusing more on http://tack.io" (Tweet) – via Twitter.
  5. "Trust Assertions for Certificate Keys". Archived from the original on 2018-09-04. Retrieved 2019-06-19.
  6. Fisher, Dennis (2012-05-30). "Moxie Marlinspike on TACK, Convergence and Trust Agility". ThreatPost.
  7. Marlinspike, Moxie (October 2012). "Trevor Perrin and I are actually making..." Hacker News (Forum). Retrieved 2016-09-24.
  8. "mk-fg/convergence". August 27, 2020 – via GitHub.