Iceweasel addon - Convergence
Originally created by Tails on #6102 (Redmine)
Convergence (homepage is "an agile, distributed, and secure strategy for replacing Certificate Authorities". It seems like we should ship it at some point, as not all Tails users will learn how to deal with Monkeysphere.
Next things to do
We have to wait for a decision regarding which candidate(s) we want to support for the web browser profile with no CA (#5766 (closed)).
Other reasons to wait
The Tor Browser Bundle developers are waiting for an external audit before shipping it.
Convergence is still not in Debian (ITP: Debian bug #640786.
What set of notaries should Tails use by default?
Tor hidden services
At least one configured notary must be able to validate certificates for web servers running behind Tor hidden services, i.e. https://xxxxxxxxx.onion. Maybe better to ship a separate Iceweasel profile dedicated to this kind of browsing, that would use Monkeysphere instead of Convergence.
When we’ll implement support wifi hotspots with captive portals (#5492 (closed)), the webbrowser configuration dedicated to this task probably need to not use Convergence, as the Convergence client would not be allowed to reach the notaries.