The purpose of a certificate authority in the conventional SSL system is to vouch for the identity of a site, by checking its SSL certificate. Without some vouching, one is open to a man-in-the-middle attack. A single site is vouched for by only a single certificate authority (CA), and this CA has to be trusted by the user. Web browsers typically include a list of default trusted CAs and display a warning about an "untrusted connection" when a site cannot be vouched for by a trusted CA. A problem with this system is that if a user (or browser vendor) loses trust in a CA, removing the CA from the browser's list of trusted authorities means losing trust in all the sites that used that CA. This happened when major browsers lost trust in the DigiNotar CA and sites registered with this CA had to get new certificate authorities (see Certificate authority § CA compromise for more examples of trust breaches).

With Convergence, however, there was a level of redundancy, and no single point of failure. Several notaries could vouch for a single site. A user could choose to trust several notaries, most of which would vouch for the same sites. If the notaries disagreed on whether a site's identity was correct, the user could choose to go with the majority vote, or err on the side of caution and demand that all notaries agree, or be content with a single notary (the voting method was controlled with a setting in the browser addon). If a user chose to distrust a certain notary, a non-malicious site could still be trusted as long as the remaining trusted notaries trusted it; thus there was no longer a single point of failure.

In September 2011, Qualys announced it would run two notary servers. As of June 2016, these servers appeared to be down. A list of notaries was maintained on the Convergence wiki.

==Alternatives==
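The three notary voting settings described above for Convergence (majority vote, all notaries agree, a single notary), shown as an added example that is not Convergence's own code. The notary names and fingerprints are constructed, each notary is assumed to report one fingerprint (or nothing when unreachable), and counting an unreachable notary as non-agreeing is this example's choice.

```python
POLICIES = ("majority", "unanimous", "any")  # this example's names for the three settings

def normalize(fp):
    """Canonicalize a hex fingerprint: strip whitespace and colons, lowercase."""
    return "".join(fp.split()).replace(":", "").lower()

def tally(observed_fp, responses, distrusted=()):
    """Return (agreeing, trusted_total) for the certificate the client observed.

    responses maps notary name -> fingerprint that notary reports for the site,
    or None if the notary was unreachable (assumed response shape).
    """
    seen = normalize(observed_fp)
    trusted = [fp for name, fp in responses.items() if name not in distrusted]
    agreeing = sum(1 for fp in trusted if fp is not None and normalize(fp) == seen)
    return agreeing, len(trusted)

def accept(observed_fp, responses, policy="majority", distrusted=()):
    """Apply the chosen voting policy; unreachable notaries count as non-agreeing."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    agreeing, total = tally(observed_fp, responses, distrusted)
    if total == 0:
        return False  # no trusted notary left: nothing vouches for the site
    if policy == "unanimous":
        return agreeing == total
    if policy == "majority":
        return 2 * agreeing > total
    return agreeing >= 1  # "any": content with a single notary

# Constructed sample data (shortened fingerprints, placeholder notary names).
GOOD = "A1:B2:C3:D4"
OTHER = "DE:AD:BE:EF"
RESPONSES = {
    "notary-a.example": "A1:B2:C3:D4",
    "notary-b.example": "a1b2c3d4",   # same certificate, different formatting
    "notary-c.example": OTHER,        # disagrees with the other notaries
    "notary-d.example": None,         # unreachable
}

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, accept(GOOD, RESPONSES, policy),
              accept(GOOD, RESPONSES, policy, distrusted={"notary-c.example"}))
```

With the sample data, the "any" setting also accepts the certificate that only the dissenting notary reports, which is why it is the weakest of the three settings.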