Notaries are CAs, except that a CA validation might potentially be something beyond TOFU, and the assertion lifetime is well-defined. On the other hand, the CA is picked by the service.
There's a number of approaches to identity validation given an X.509 certificate chain. Not all of them are valid in any particular environment. I think that notaries are useful additions, in part because a notary system would reduce the TOFU nature of pinning - but without pinning, it's pretty fragile and arbitrary. As a very specific note about Convergence, the model used by Convergence is that endpoints are told not to worry their pretty little head about a thing, and entirely trust the notary; this is in marked contrast to thinking elsewhere (such as DNSSEC, PKIX itself, SCVP, OCSP, etc) where any remote validation result is accompanied by proof, and that proof is evaluated locally. For example, with SCVP - which essentially matches the use-case - the SCVP server builds the PKI chain and finds revocation status information for the client via a number of means, but presents the completed chain and revocation information to the client to check. An alternative method would be to assume a number of notaries may be compromised, and use sufficient to ensure this doesn't matter - essentially making this Byzantine fault tolerant. (Assuming the usual notation, that'd 2f+1, so you ensure that correct responses outnumber faulty ones). But the problem then is that if a Notary can implement arbitrary tests, and one of your notaries has a test which demonstrates an error on the target service, you'd probably want to act differently. So overall, I'd prefer to stick to pinning information, and leave the other validation work in the client. On 3 September 2015 at 10:19, Peter Viskup <[email protected]> wrote: > Hi all, > we know there still are issues with CA-signed and self-signed > certificates. Self-signed certificate was the main reason for not accepting > our server into the list of public XMPP server. > From my perspective it would be great to implement XEP similar to > Convergence [1]. That could solve at least some of the issues with > certificates we have at the moment. On the end the CA-trust-lists would be > removed from the clients and servers would be able to check the validity of > certificates for s2s connections. > Didn't dive deep into the problem, but seems promising to me. > Anyone already thinking of or working on it? > > [1] http://www.convergence.io > > -- > Peter Viskup > admin of jabber.sk >
