I installed Convergence here a few days ago. I'm pretty techie but I don't really get it. I now see all HTTPS certs are verified by a local self-signed cert (boy, was that a surprise...) and I get that this is more like some kind of quorum system. I don't get who is going to run these various notaries for people to check against; I suppose the browser makers could run some instead of pinning but I suppose I don't see the commercial motivation for someone to run one well. Are we to rely on the charity of the likes of Google? Hmm.
I also don't really get how any of these can be explained to the man on the street. Fundamentally, the issue comes down to "how can you trust a party you've never met", and every solution involves some kind of third party/intermediary and gets increasingly complex/convoluted as various holes get patched up.
Copyright © 2018, Eklektix, Inc.