In a company setting the company is going to be the new certification authority, because it can configure browsers to use its own notary service. An ISP could have leverage to configure the browsers of its customers (help pages, setup apps, etc). A country can mandate using the country's notary, as some countries mandate installing the state certificate to be able to MITM https.

It could work if browsers agree to use at least a not small pool of well known notaries. An adversary should hack many of them and companies and ISP could not limit users to their own notaries. To have a passable chance to be enforced those notaries must be hardcoded in the binary. But in some countries that would lead to mandatory use of browsers patched by the state.

So "who watches the watchmen"?[1]

It looks like the "notary servers" eventually become another variation of "certificate authorities" by another name.

If web users rely on a 3rd-party organization (that's not itself a notary server but only a rating agency), it means that the rating agency becomes another variation of CAs.

Every time I've studied this problem, all roads point back to a centralized trust model. Even if a technical solution to decentralized trust is devised, a social emergent phenomenon of centralized trust reappears. (Even Bitcoin with its decentralized aspirations suffered the social phenomenon of consolidating into pockets of centralized mining pools. Mining was theoretically democratic/decentralized but the real-world ability to spend money on GPU cards, then FPGAs, then ASICS is not decentralized.)

>Just like a user picks which search engine their browser will use, they user can also choose what group(s) of network notaries they will trust.

The average web surfer is not going to be going into their browser settings to adjust notary servers. Computer geeks and sophisticated techs like Bruce Schneier and Edward Snowden would tweak those hypothetical notary settings but a billion average users will not do that.

The typical non-tech web surfer is going to outsource the thinking about "which notary servers?" to somebody else. In response, a new centralized model overlaid on top of the notary servers would end up serving those users. Similar to how WebTrust is a reference for CAs.[2]

[1] https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%...

[2] http://security.stackexchange.com/questions/11464/getting-a-...

(1) In this model, the user decides which authorities to trust. With certificate authorities, the user must trust ALL of the "standard" authorities, or else wind up unable to verify sites that happen to purchase their cert from an untrusted authority. With notary servers, the end user can choose to trust whichever notaries they want (and not trust others) and can still validate certificates on all sites throughout the web.

(2) It is possible to verify with more than one notary, but with certificate authorities each site is only (normally) signed by one CA. This means you could, for example, trust 5 different notaries and an attacker would need to suborn all 5, whereas with certificate authorities an attacker would need to suborn only 1. Since most users will not adjust the default settings, I would hope that browsers would ship configured to verify against a set of about 12 trusted notaries, approving any certificate verified by at least 9 of them.

The only remaining piece needed is an onion-wrapped P2P protocol for forwarding the requests so that you don't leak your browsing history to all of the notaries.

[0] https://www.certificate-transparency.org/

It does occur to me that I could be being Man-In-The-Middle'd but I don't think so (well I would, wouldn't I ;)

I'm currently using this list instead of the default list:

perspectives1.schulte.org:8080 -----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF9YhEaUx+MR/9dw/ceF5+DAmTm KRylGYKz+rfLSKMS1PMfkGiXVB12qkGOj321PrphLs2s9KWLcxHnCwJdQWcg2xIA VQbZ2I5me2PEJNC+1Y9nqPR6AeKEljDPK/A1KiTjwDGjpvru8Djp25q++VJjhUZG y0Wq845LMMUbQGefh05IL4Y9vuMWRUjs0C6enkI5CnCcMIFD1uY5+rsqknw1Nthn 2ZhTVfcjxTsCAwEAAQ== -----END PUBLIC KEY-----

perspectives2.schulte.org:8080 -----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGcQwe1IeEnF/ZobSywrpzbv6Uw sZyxU7WThAaJ1EKy7UIYSrcJ6v/qurFwn9DwR8hxpXCgE8MRZdfVi99z69VE0Nmw 6vHLuC0PKQ/m3Gc+4LzfEyJ/fsPFsTsSqwog+ys8ehvCifoazewyLAZvVfBW3TVZ uv7REooR5rWVrkI05z/VLpY9eSanWxaBJikHE3AnfOocI60ZIvq2eftIkpqCppwr AZtwGtmxHa0CAwEAAQ== -----END PUBLIC KEY-----

perspectives3.schulte.org:8080 -----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAG0L5/mnLvIjQbD6yazszjVBWCb K7iUiav/M/9qoph2s1Nd2HSbEa2pZsNTtRrPNd2uPkYPGjkuhv5Ba3AMezN4eeEJ pxa0wBSuYX7deUcQCu+0W/tLXZ61ny/Ezu/mnAQ10HIiO7mQnDTliF4ReSWC9TuR axLr1tEh3i/pRoSOCtcWIR5y59BYu+GiPHl9IDOBraTG0R9ph+3fDVtf+kd+WUVv /d0tWI0UmGsCAwEAAQ== -----END PUBLIC KEY-----

perspectives4.schulte.org:8080 -----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF+1OV01dpujDpFoUtld37Pgy4/ 67E7EFB7YyHkfQbTuPnfZ2+UNScl80vcmN1hym8XJ0icPahah+SXMLq81UNxO6Xq 4s/41C5IxjnZN2Ij3EvhSPQ9HrK9+CVUmLWTWQRG7t5JaKGdlmYc5Fou1/SMoURZ z4LWWGwcYH5/DcBt64XL5c87v4g3mfCDptmFMg5Cy34uG+XEh0obvp5S+uuORwn1 agGH5DYpR1sCAwEAAQ== -----END PUBLIC KEY-----

notary2.qabs.cz:8080 -----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGYNrXeOuExUPjrwisreOZ67ZTT xaPVLncYrVrvE2Q3KzAqVvGlhyxZMnSLlHlHD5BJsA3bM/15ForpH/dJL+GnONZY sQdgVdDXH30231bImuOzqBNCqMsTB4hxg9U6a1J4h7sa1eOn5Zz1EbDGuW2+jEcE 0MjqpaYEEW7FZiZOIJQRz4jX26zfGGhtd7txfkZQ26lhiibo9auCxp1tnVJmBX2S VisNlAuuLM8CAwEAAQ== -----END PUBLIC KEY-----

Edit: removed servers that I just noticed were usually dissenting in the quorum. - So an attacker wouldn't have to MITM many extra domains with that list.

It sounds like this could make it risky to change your certificates. And if different notaries behave differently, that could become a huge headache.

For the same reason, not sure how it will protect the notaries themselves. What if my state controlled ISP MITM both my https connection and all connections to the notaries.