| Certlock | Christoper Soghoian and Sid Stamm have written a academic paper about this problem and imply that they will release a Firefox add-on which performs a TOFU (Trust on First Use) cache of the cert, with additional checking for country of certification. |
| Conspiracy | Kai Engert released this Firefox addon to display country of certification. |
| DoubleCheck | Mansoor Alicherry and Angelos D. Keromytis have a Firefox addon which performs a second check of the cert via TOR. Academic paper here. |
| Perspectives | Another tool for external cert verification using "Notary servers", by Dan Wendlandt et al. Probably the closest implementation to what I'm proposing. Academic paper here. |
| Certificate Patrol | Firefox addon to display changes to SSL certs, plus display info on certs for first-visit sites. |
Thursday, April 1, 2010
Existing solutions to SSL untrusted CA
Current solutions to why you can't trust SSL:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment