[Pkg-mozext-maintainers] replacing Perspectives extension with Convergence?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Sep 12 14:12:58 UTC 2011
On 09/09/2011 09:01 AM, Paul Wise wrote:
> Based on Moxie Marlinspike's talk about SSL at the BlackHat security
> conference, in which he mentions the Perspectives extension and the
> issues that it has, I think we should remove the Perspectives extension
> from Debian and encourage users to switch to the Convergence plugin that
> Moxie wrote.
i haven't audited moxie's code, but if his presentation is accurate in
how it describes the way that Convergence works, i agree that it makes
more sense to have Convergence than Perspectives in the debian archive.
We could keep both, of course, but i suspect that (for the near future
anyway) Convergence will be better-maintained and will provide a better
user experience for most users. And i wouldn't want users to try to use
My main concern with Convergence is that given the default notary model,
it does not protect users at all against snooping/infiltration based on
a server-specific attack (e.g. BGP injection, or simply placing a
second, faster machine on the same network segment as the target server
and arpspoofing the target machine, or even taking the server down and
replacing it with an identically-configured machine).
However, Perspectives doesn't defend against these attacks at all -- it
just relies on the existing, already-broken X.509 CA cartel
infrastructure to protect against these kinds of attacks. The difference
is that Convergence explicitly rejects all X.509 certification and
relies instead on its notaries.
With an improved notary arrangement (i haven't thought through the
details yet), Convergence could maybe take some steps to address this
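The limitation described in the message above, modelled as an added example (not code from the mail, from Convergence, or from Perspectives): a simplified majority-of-notaries check accepts a certificate whenever most notaries currently see the same fingerprint the client saw, so an attack that sits on every path to the server passes, while an attacker on only the client's path is caught. The fingerprints, notary names, and the history-aware variant are constructed assumptions for illustration, not a description of what either extension implements.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed fingerprints for the example (placeholders, not real values).
GENUINE_FP = "sha1:GENUINE-PLACEHOLDER"
ROGUE_FP = "sha1:ROGUE-PLACEHOLDER"


@dataclass
class Notary:
    """A notary that fetches the server's certificate over its own network path."""
    name: str
    current_view: str                            # fingerprint it sees right now
    history: list = field(default_factory=list)  # fingerprints seen on earlier probes


def majority_verdict(client_fp: str, notaries: list) -> bool:
    """Simplified Convergence-style check: accept if most notaries currently see
    the same fingerprint the client saw. No CA signature is consulted at all."""
    votes = Counter(n.current_view for n in notaries)
    return votes[client_fp] * 2 > len(notaries)


def history_verdict(client_fp: str, notaries: list) -> bool:
    """Hypothetical improvement (an assumption, not either extension's design):
    additionally require that notaries recorded this fingerprint on earlier
    probes, so a sudden server-side change is flagged even when all agree now."""
    if not majority_verdict(client_fp, notaries):
        return False
    return all(client_fp in n.history for n in notaries if n.history)


def scenario_client_path_mitm() -> tuple:
    """Attacker sits only on the client's path; notaries still reach the genuine server."""
    notaries = [Notary(f"notary{i}", GENUINE_FP, [GENUINE_FP]) for i in range(3)]
    return majority_verdict(ROGUE_FP, notaries), history_verdict(ROGUE_FP, notaries)


def scenario_server_substitution() -> tuple:
    """The server-specific case from the mail: every path ends at the replaced
    machine, so every notary's current view matches the client's rogue view."""
    notaries = [Notary(f"notary{i}", ROGUE_FP, [GENUINE_FP]) for i in range(3)]
    return majority_verdict(ROGUE_FP, notaries), history_verdict(ROGUE_FP, notaries)


if __name__ == "__main__":
    print("client-path MITM   (majority, history):", scenario_client_path_mitm())
    print("server substituted (majority, history):", scenario_server_substitution())
```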