Thursday, April 1, 2010

Existing solutions to SSL untrusted CA

Current solutions to why you can't trust SSL:

Certlock: Christopher Soghoian and Sid Stamm have written an academic paper about this problem and imply that they will release a Firefox add-on which performs a TOFU (Trust on First Use) cache of the cert, with additional checking for country of certification.
Conspiracy: Kai Engert released this Firefox add-on to display country of certification.
DoubleCheck: Mansoor Alicherry and Angelos D. Keromytis have a Firefox add-on which performs a second check of the cert via Tor. Academic paper here.
Perspectives: Another tool for external cert verification using "Notary servers", by Dan Wendlandt et al. Probably the closest implementation to what I'm proposing. Academic paper here.
Certificate Patrol: Firefox add-on to display changes to SSL certs, plus display info on certs for first-visit sites.
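
The TOFU cache with a country-of-certification check described for Certlock above, as an added sketch (not code from Certlock or any of the listed add-ons). The class names, verdict strings and sample observations are constructed, and the policy of warning only when the issuing CA's country changes is an assumption about how such a check could behave.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    host: str
    cert_der: bytes      # leaf certificate bytes as presented by the server
    issuer_country: str  # country (C=) of the issuing CA


class TofuCache:
    """Trust-on-first-use cache keyed by host, with an issuer-country check."""

    def __init__(self):
        self._seen = {}  # host -> (SHA-256 fingerprint, issuer country)

    def check(self, obs):
        fp = hashlib.sha256(obs.cert_der).hexdigest()
        prev = self._seen.get(obs.host)
        if prev is None:
            # First visit: nothing to compare against, so remember and trust.
            self._seen[obs.host] = (fp, obs.issuer_country)
            return "first-use"
        prev_fp, prev_country = prev
        if fp == prev_fp:
            return "match"
        if obs.issuer_country != prev_country:
            # New cert from a CA in a different country: keep the old entry
            # so the warning repeats until the user decides.
            return "warn-country-changed"
        # New cert, same CA country: treated as routine reissue (assumed policy).
        self._seen[obs.host] = (fp, obs.issuer_country)
        return "changed-same-country"


def replay(observations):
    """Run a sequence of observations through a fresh cache; return verdicts."""
    cache = TofuCache()
    return [cache.check(o) for o in observations]


# Constructed sample: placeholder bytes stand in for real DER certificates.
SAMPLE = [
    Observation("mail.example", b"cert-A", "US"),  # first visit
    Observation("mail.example", b"cert-A", "US"),  # unchanged
    Observation("mail.example", b"cert-B", "US"),  # reissued, same country
    Observation("mail.example", b"cert-C", "DE"),  # different CA country
    Observation("mail.example", b"cert-B", "US"),  # cached cert is back
]

if __name__ == "__main__":
    for obs, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(obs.host, obs.issuer_country, verdict)
```

A TOFU cache on its own cannot vouch for the first certificate it sees, which is the gap the second-path checks in DoubleCheck and Perspectives address.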
