Iceweasel addon - Convergence
Convergence (homepage) is "an agile, distributed, and secure strategy for replacing Certificate Authorities". It seems like we should ship it at some point, as not all Tails users will learn how to deal with "Monkeysphere":./monkeysphere.html.
Next things to do¶
We have to wait for a decision regarding which candidate(s) we want to support for the web browser profile with no CA (#5766).
Other reasons to wait¶
The Tor Browser Bundle developers are waiting for an external audit before shipping it.
Convergence is still not in Debian (ITP: Debian bug #640786).
What set of notaries should Tails use by default?
Tor hidden services¶
At least one configured notary must be able to validate certificates for web servers running behind Tor hidden services, i.e. https://xxxxxxxxx.onion. Maybe better to ship a separate Iceweasel profile dedicated to this kind of browsing, that would use "Monkeysphere":./monkeysphere.html instead of Convergence.
When we'll implement support wifi hotspots with captive portals (#5492), the webbrowser configuration dedicated to this task probably need to not use Convergence, as the Convergence client would not be allowed to reach the notaries.