> it's just the CA model with very short lived constantly renewed certificates
Very strange conclusion. Convergence has the following properties that the CA model does not have:
* trust is optional (you don't have to trust Iranian CAs)
* trust is revocable (you can safely remove trust from any notary)
* trust is distributed (you trust only if all notaries are acting as one; as opposed to "you trust anything any of the CAs will say")
Notaries are not signing anything; they are not CAs. Also, there is nothing like "short lived constantly renewed certificates" in this model. Hosts are using self-signed certs (or CA-signed, it does not matter). Notaries are functioning in an "attacker will not MiTM the whole Internet" model and only help you detect if something went wrong.
If anything, Convergence is a combination of the TOFU and WoT models, although an attempt to describe a security model by such comparisons does not help much.
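The unanimity and removable-trust properties described in the comment above, as an added example that is not part of the comment and is not Convergence's own code or protocol. The notary names, the sample certificates and the rule that a silent notary counts as not confirming are assumptions made for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()

def notary_verdict(presented_cert, trusted, observations):
    """Accept the presented certificate only if every trusted notary
    reports the same fingerprint the client sees (unanimity).

    trusted:      set of notary names the user chose to trust
    observations: notary name -> fingerprint seen from its vantage point
    Returns (accepted, sorted list of notaries that did not confirm).
    """
    if not trusted:
        return False, []  # no notaries trusted: nothing vouches for the cert
    local = fingerprint(presented_cert)
    # Assumption: a notary with no answer is treated as not confirming.
    dissent = sorted(n for n in trusted if observations.get(n) != local)
    return not dissent, dissent

# Constructed sample data: a self-signed host cert and an on-path substitute.
HOST_CERT = b"constructed-self-signed-cert-for-example.test"
MITM_CERT = b"constructed-substitute-cert"
REAL, FAKE = fingerprint(HOST_CERT), fingerprint(MITM_CERT)

def scenarios():
    trusted = {"notary-a", "notary-b", "notary-c"}  # hypothetical names
    honest = {n: REAL for n in trusted}
    out = {}
    # 1. No interception: client and all notaries see the same cert.
    out["clean"] = notary_verdict(HOST_CERT, trusted, honest)
    # 2. Interception near the client: notaries elsewhere still see the real cert.
    out["local_mitm"] = notary_verdict(MITM_CERT, trusted, honest)
    # 3. One notary vouches for the substitute; the others do not, so it is rejected.
    rogue = dict(honest, **{"notary-c": FAKE})
    out["rogue_notary"] = notary_verdict(MITM_CERT, trusted, rogue)
    # 4. The same notary also blocks the real cert, until the user stops trusting it.
    out["rogue_blocks_real"] = notary_verdict(HOST_CERT, trusted, rogue)
    out["after_removal"] = notary_verdict(HOST_CERT, trusted - {"notary-c"}, rogue)
    return out

if __name__ == "__main__":
    for name, (ok, dissent) in scenarios().items():
        print(f"{name:18} accepted={ok} dissent={dissent}")
```

The dissent list is what a client would surface to the user: it names which notaries disagreed, which is the "something went wrong" signal the comment describes.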