Convergence IMHO does not work. The UI is poor and fundamentally it's just the CA model with very short lived constantly renewed certificates. There's no particular reason to believe it'd work better than the existing PKI for ordinary users.
> it's just the CA model with very short lived constantly renewed certificates
Very strange conclusion. Convergence has the following properties the CA model does not have:
* trust is optional (you don't have to trust Iranian CAs)
* trust is revocable (you can safely remove trust from any notary)
* trust is distributed (you trust only if all notaries are acting as one; as opposed to "you trust anything any of the CAs will say")
Notaries are not signing anything; they are not CAs. Also, there is nothing like "short lived constantly renewed certificates" in this model. Hosts are using self-signed certs (or CA signed - does not matter). Notaries are functioning in an "attacker will not MiTM the whole Internet" model and only help you detect if something went wrong.
If anything, convergence is a combination of TOFU and WoT models. Although an attempt to describe a security model by such comparisons does not help much.
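The client-side decision this comment describes (trust is optional, revocable, and withheld unless every trusted notary agrees with what the client sees), as an added illustration that is not code from the thread or from the Convergence project. The host name, notary names and certificate bytes are constructed, and the strict "all trusted notaries must agree" rule is taken from the comment above rather than from any particular client's configurable policy.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: fingerprints are SHA-256 of placeholder byte strings, not real certificates.
HOST = "example.test"
GENUINE_CERT = b"constructed genuine cert for example.test"
ATTACKER_CERT = b"constructed attacker-controlled cert"

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class Notary:
    """A notary only reports the certificate fingerprint it saw from its own vantage point; it signs nothing."""
    name: str
    observed: dict = field(default_factory=dict)  # hostname -> fingerprint seen by this notary

    def query(self, host: str):
        return self.observed.get(host)

def verify(host: str, client_fp: str, notaries: list, trusted: set):
    """Accept only if every notary the user trusts reports the same fingerprint the client received."""
    active = [n for n in notaries if n.name in trusted]  # trust is optional: untrusted notaries are ignored
    if not active:
        return False, "no trusted notaries configured"
    for n in active:
        seen = n.query(host)
        if seen is None:
            return False, f"{n.name} has no observation for {host}"
        if seen != client_fp:
            return False, f"{n.name} saw a different certificate for {host}: possible MitM"
    return True, "all trusted notaries agree with the client's view"

NOTARIES = [
    Notary("notary-a", {HOST: fingerprint(GENUINE_CERT)}),
    Notary("notary-b", {HOST: fingerprint(GENUINE_CERT)}),
    Notary("notary-c", {HOST: fingerprint(ATTACKER_CERT)}),  # compromised, or itself being MitM'd
]

def scenarios():
    genuine, forged = fingerprint(GENUINE_CERT), fingerprint(ATTACKER_CERT)
    trusted = {"notary-a", "notary-b", "notary-c"}
    out = {}
    out["bad_notary"] = verify(HOST, genuine, NOTARIES, trusted)  # one dissenting notary: reject
    trusted.discard("notary-c")                                   # user revokes trust in notary-c
    out["revoked"] = verify(HOST, genuine, NOTARIES, trusted)     # remaining notaries agree: trust
    out["local_mitm"] = verify(HOST, forged, NOTARIES, trusted)   # client sees attacker cert: reject
    out["no_notaries"] = verify(HOST, genuine, NOTARIES, set())   # nothing to compare against: reject
    return out

if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:12} -> {'TRUST' if ok else 'REJECT'}: {why}")
```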
That's interesting coming from the Bitcoin angle as I've seen Trezor present before and personally opposed Gavin's stance on both SSL use and the general scope increase in Bitcoin's Payments/Receipts discussions. Deaf ears.
But unfortunately she does not take TACK/pinning + Convergence into consideration.