On 28-07-13 22:20, Patrick Mylund Nielsen wrote: > On Sun, Jul 28, 2013 at 1:03 PM, Yan Zhu <[email protected] > <mailto:[email protected]>> wrote: > > It seems to be the browser extension <http://convergence.io/> that > everyone talks about but nobody uses. For one, the original > repository isn't actively maintained, and I found at least one > unpatched issue that keeps it from working in recent Firefoxes (see > https://github.com/moxie0/Convergence/issues). > > Is anyone running it? Thoughts on whether it's worth forking and > patching? > > Perspectives, on the other hand, is a similar project that is quite > active but seems to get less mentions: http://perspectives-project.org/ > > -Yan > > > Unfortunate, since Convergence is based on the research done in the > Perspectives project. Moxie deserves credit for sure, but he seems to be > getting (almost) all of it. An Ubuntu-and-Debian-esque situation, if you > will. > > Why is neither used by the masses? Because nobody changes their > settings: https://www.imperialviolet.org/2011/09/07/convergence.html > That's going to be a hard problem to solve.
The reason I stopped using it is that the trusted notaries sign a certificate with their own CA-key. It removes the original certificate from view. It's therefore indistinguishable from a MitM attack. Perspectives, on the other hand, adds an extra out of band validation that tells me why it comes to a certain result. Please see screenshot with Convergence and plain Firefox: http://witmond.nl/conv-mitm.png Cheers, Guido. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
