Posted by: stak
Posted on: 2011-11-09 08:30:01
You may have heard of Convergence, an SSL-replacement which replaces the centralized CA-chain architecture with a more decentralized notary-based architecture. You can specify which notary servers you want to use, and those servers are used to verify that the SSL certs your browser loads aren't being tampered with.
There are a number of things that I find particularly cool about this. The most obvious is the decentralized architecture, which should come as a surprise to nobody reading this blog. The first thing I did was get my own notary server up and running, which turned out to be pretty easy using an EC2 instance. If you want to use it, here is a link to the notary file.
The next thing I like about it is that it comes with an SSL fingerprint cache on the client side, which by itself could eliminate spoofing on sites you visit frequently, since you'll have the fingerprint cached and can detect if the SSL cert you're getting doesn't match.
And finally, I like how simple to use it is. Assuming you're using Firefox, anyway. Just download the add-on and that's pretty much it. If you understand the architecture of the system, all the configuration options are intuitive and what you'd expect.
Anyway, I recommend you give it a whirl. I've only found one problem with it so far (I can't access my router via SSL while it's enabled) but that seems to be a bug in the router's SSL implementation that I'm trying to track down.
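The combination described above, a client-side fingerprint cache backed by notaries the user chooses, sketched as an added example (not code from the original post or from Convergence itself). It assumes notaries can be modelled as functions returning the fingerprint they see for a host, a SHA-256 fingerprint, and a simple quorum rule; the class name and the certificate bytes are constructed for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    # Assumption: SHA-256 over the DER bytes stands in for the cert fingerprint.
    return hashlib.sha256(cert_der).hexdigest()

class NotaryClient:
    """Hypothetical client: local fingerprint cache first, notaries second."""
    def __init__(self, notaries, quorum):
        self.notaries = notaries   # callables: host -> fingerprint seen from there
        self.quorum = quorum       # how many notaries must agree with us
        self.cache = {}            # host -> last fingerprint that was accepted

    def check(self, host, cert_der):
        seen = fingerprint(cert_der)
        cached = self.cache.get(host)
        if cached == seen:
            return "cache-hit"     # matches the cache, no notary round trip
        # First visit, or the cert differs from the cached one: ask the notaries.
        agree = 0
        for notary in self.notaries:
            try:
                if notary(host) == seen:
                    agree += 1
            except OSError:
                continue           # an unreachable notary casts no vote
        if agree < self.quorum:
            return "rejected"      # existing cache entry is left untouched
        self.cache[host] = seen
        return "verified" if cached is None else "rotated"

# Constructed sample data: opaque bytes standing in for DER certificates.
GENUINE, RENEWED, FORGED = b"cert-v1", b"cert-v2", b"cert-mitm"

def down(host):
    raise OSError("notary unreachable")

def demo():
    wire = {"example.test": GENUINE}              # what honest notaries observe
    honest = lambda host: fingerprint(wire[host])
    client = NotaryClient([honest, honest, down], quorum=2)
    results = [client.check("example.test", GENUINE),   # first visit
               client.check("example.test", GENUINE),   # served from cache
               client.check("example.test", FORGED)]    # only this client sees it
    wire["example.test"] = RENEWED                       # site renews its cert
    results.append(client.check("example.test", RENEWED))
    return results

if __name__ == "__main__":
    print(demo())
```

The forged certificate is rejected because no notary sees it from its own vantage point, while the renewed one is accepted because the notaries observe the same change.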
(c) Kartikaya Gupta, 2004-2025. User comments owned by their respective posters. All rights reserved.
Unless you don't have the add-on and Fx refuses to even let you open the site any longer, since it's self-signed. Something changed between Fx7 and Fx8, because now the only option is "Get me out of here" for self-signed sites :( Had to get Safari open to connect to my router's management page.