https://www.youtube.com/watch?v=Z7Wl2FW2TcA

What are the "Notary" servers regarding Convergence? Who is maintaining the "Notary" servers?

Can someone please explain?

up vote 4 down vote accepted

In human words: notary servers are trusted servers that add a "yet another" security level, which actually tries to eliminate MITM (Man-In-The-Middle) attacks.

Notaries act as a mediator to ascertain the validity of a Certificate Authority. Notary servers keep consistency checks on CA root certificates to ensure that a certificate presented by the web-server to the client is consistent with what the Notary server has come to know over an extended period of time.

A "Notary Service" would eliminate the need for operating system vendors to include a list of trusted CAs; instead they would publish a list of Notary servers. This option dynamically updates clients as soon as a CA is compromised. The only problem today is that there are currently not enough "notary servers" available on the internet.

If you're looking for a good example of this type of implementation, you can find it in DNS Root Name Servers which securely maintain Zone records for the internet.

I bet that this practical example is easier to understand than my technical explanation of the definition. ;)

  • who can be a notary server? – LanceBaynes Jan 4 '12 at 10:18
  • @Lance - look at my answer. That should help you. – Rory Alsop Jan 4 '12 at 11:55
  • @LanceBaynes : anyone can run a notary server, depending on the technical needs. But practically, setting up and running a notary server only makes sense in a large network or high-security environment. Also, there is the question of "trust" when you expect others to use your notary server. Let me give you a practical example: if your online-banking institute wants to do things safer, they'd rather set up their own notary server or outsource stuff to servers run by companies like Microsoft than use a notary server at Joe's garage. But nothing stops you from setting up a notary server... – user6373 Jan 4 '12 at 20:51

From the Convergence.io details page it can be anyone:

Distributed

Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it -- so the security, integrity, or accuracy of a notary does not affect those who haven't selected it.

The idea is that you decide which notaries you want to trust.
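
A simplified model of the notary check described in the answers above, added here as an illustration (it is not Convergence's code or wire protocol): each notary records the certificate it is served from its own vantage point, and the client accepts a certificate only if enough of the notaries it has chosen saw the same one. The class and function names, the quorum rule and the byte strings standing in for certificates are assumptions.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class Notary:
    """Toy notary: remembers the certificate fingerprints it has seen per host."""
    def __init__(self, name):
        self.name = name
        self.seen = {}  # (host, port) -> {fingerprint: times observed}

    def observe(self, host, port, cert_der):
        # Called each time the notary itself connects to host:port from its
        # own network vantage point and records what it was served.
        counts = self.seen.setdefault((host, port), {})
        fp = fingerprint(cert_der)
        counts[fp] = counts.get(fp, 0) + 1

    def vouches_for(self, host, port, fp):
        return fp in self.seen.get((host, port), {})

def client_accepts(host, port, presented_der, chosen_notaries, quorum):
    """Accept only if at least `quorum` of the client's chosen notaries saw this cert."""
    fp = fingerprint(presented_der)
    votes = sum(n.vouches_for(host, port, fp) for n in chosen_notaries)
    return votes >= quorum

def demo():
    # Constructed stand-ins for DER-encoded certificates (not real certificates).
    genuine, rogue = b"constructed-genuine-cert", b"constructed-mitm-cert"
    a, b, c, joes = (Notary(n) for n in ("a", "b", "c", "joes-garage"))
    for n in (a, b, c):
        n.observe("bank.example", 443, genuine)
    joes.observe("bank.example", 443, rogue)  # an inaccurate or deceived notary
    mine = [a, b, c]                          # this client never selected "joes-garage"
    return {
        "genuine": client_accepts("bank.example", 443, genuine, mine, quorum=2),
        "mitm": client_accepts("bank.example", 443, rogue, mine, quorum=2),
        "mitm_if_only_joes_trusted": client_accepts("bank.example", 443, rogue, [joes], 1),
    }

if __name__ == "__main__":
    print(demo())
```

The third result shows why the choice of notaries matters: a notary's mistakes reach only the clients that selected it.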
