Google: SSL alternative 'Convergence' won't be added to Chrome
Still smarting from a counterfeit secure sockets layer certificate that threatened at least 300,000 of its users in Iran, Google has no plans to fortify its Chrome browser with an experimental technology that bypasses the current system for validating websites.
In a blog post published Wednesday, Google security researcher Adam Langley said he didn't think the technology known as Convergence “is something we would add in Chrome.” Moxie Marlinspike, a researcher who has made a career out of exposing huge architectural cracks in the net's foundation of trust, designed the system to address security vulnerabilities and privacy weaknesses in the current SSL system.
In a nutshell, Convergence is a crowd-sourcing technology that allows endusers to query people or organizations they trust to vouch for the validity of certificates used to authenticate Gmail, eBay, or any other website that uses an https suffix prefix. In its current incarnation, the system relies on a handful of “notaries,” including Marlinspike's organization and the the Electronic Frontier Foundation. It's capable of accommodating an unlimited number of notaries and would allow end users to query as many or as few as they want.
