[jiggy2011]

One question I have about convergence. I understand how it helps prevent MITM attacks by getting consensus from a trusted third party as to the authenticity of a particular cert.

However what happens if the MITM attack is on the other end, in other words somebody has got into a hosting providers network and is MITMing a bunch of traffic to some of their servers.

They could use this to pass back bullshit certs/public keys to all clients (including notaries) who connect to servers they have MITMd.

One way to prevent this of course would be to have the server keep it's own list of notaries and self-check every so often and alert clients if something appears wrong.

However here you are relying on server administrators keeping this configured and working. I could imagine less scrupulous administrators on strict SLAs disabling this and letting it fail in a way that is silent to the end user to avoid downtime. This would be more difficult to do with the traditional CA structure since the attacker would need a valid cert for the site or would need to SSL strip everything (which would eventually get noticed).

Or do I have this wrong and it is intended to augment the existing CA structure rather than replace it?