Me: I heard the Convergence project is no longer being developed, Is this true?
Moxie Marlinspike: Convergence is still being developed, although the core
feature set is pretty stable now.
Me: Should anyone run a notary?
Moxie Marlinspike: Anyone can run a notary, and anyone is free to use that notary if they trust the organization.
Me: Who would be your ideal candidate for running a notary?
Moxie Marlinspike: Ideally, organizations that can dedicate the resources to running HA notaries are preferred.
Topic: Re: [WARNING] Bitcoinica Claims Process is insecure (Read 1383 times)
I'm pretty sure it's still being actively maintained, can always ask moxie or 0day charlie of thoughtcrime labs on twitter if they're still involved, they always reply
Well Convergence is accepting Contributions via Bitcoin and via Bit-Pay.
There were active donations sent April through May of 2012.
15TUpE7Qtehxzrx2gMdE6jbHdQa42Edk4G
There were active donations sent April through May of 2012.
15TUpE7Qtehxzrx2gMdE6jbHdQa42Edk4G
The only problem with Perspectives is they only authenticate the first connection, other stuff on the website, pics, forms are still vulnerable. Have you thought about using Convergence instead? http://convergence.io/
I've heard that Convergence is no longer being actively developed.
Quote from: Theymos
I use the Certificate Patrol and Perspectives Firefox extensions. I've also disabled most of the CAs in Firefox, though Firefox's handling of invalid certificates is pretty bad, so I don't recommend doing this unless you're paranoid.
(If this is OffTopic, let me know. 
)The only problem with Perspectives is they only authenticate the first connection, other stuff on the website, pics, forms are still vulnerable. Have you thought about using Convergence instead? http://convergence.io/
Tell me what isn't a lost cause then. Please.
I use the Certificate Patrol and Perspectives Firefox extensions. I've also disabled most of the CAs in Firefox, though Firefox's handling of invalid certificates is pretty bad, so I don't recommend doing this unless you're paranoid.
It has been compromised in the past, so it likely will again in the future. You should simply just not use StartCom, especially after you've been hacked yourself. StartCom should have been completely blacklisted in browsers.
Comodo, USER-TRUST, and even Verisign have also been compromised in the past, and there's no chance that they'll be removed from browsers because they're so popular. Lots of governments also have their own probably-insecure CAs which are accepted by all browsers. The CA system is a lost cause.
Tell me what isn't a lost cause then. Please.
Jump to: