So he hopes that in a fully deployed architecture, major corporations -- Google, Microsoft, Yahoo, Verisign -- as well as smaller companies and individuals would set up notaries. Notaries could share the data they gather. "As long as they all agree, then that site is OK. You can trust the accumulated results," he says. Users get a statistical, probabilistic verification of a certificate's authenticity, he says.
Marlinspike says this architecture gives end users trust agility -- the ability to switch who they trust initially and to shift that trust to someone else at any time. Under the current system, trust is determined by what root certificates browsers support and that predetermined trust is irrevocably locked in between browsers and certificate authorities.
Marlinspike's Convergence architecture creates a notary relay that keeps any one notary from knowing both who is requesting authentication for a given certificate and what site that certificate is issued to.
That relay feature injects a level of privacy that Andersen appreciates. "Notary B sees only Notary A so it can't see what client is asking about what website," he says. Similarly, Notary A can only see the client making the request, not what website it is asking about.
At the moment Perspectives serves only 30,000 users, an insignificant percentage of users making SSL certificate checks on the Internet, Andersen says. To replace the current SSL authentication system would require a worldwide network of perhaps hundreds of notary servers akin to the network of DNS servers. But, he says, the tasks they would be asked to perform are simpler and fewer servers would be needed.
Taher Elgamal, CTO of Axway and one of the creators of SSL, acknowledges that authentication is a weakness in SSL deployments. At the time SSL was created, authentication wasn't the main focus, but he says he regards the notary system as an improvement over certificate authorities acting exclusively as trusted third parties.
"Something needs to change for the trust to be better," he says. "We need to build a community that says these are trustworthy or not."
Because the notary models would require worldwide deployment of infrastructure, an actual rollout could be done but it would be a major project. "It's bigger than it should be because it's 16 years late," Elgamal says.
Read more about wide area network in Network World's Wide Area Network section.