Package: wnpp
Severity: wishlist
* Package name : certificatepatrol
Version : 1.1
Upstream Author : Aiko Barz
Mukunda Modell
Carlo v. Loesch
* URL : http://patrol.psyced.org/
* License : MPL 1.1, GPL 2.0, LGPL 2.1
Programming Lang: JavaScript, XUL
Description : Certificate Watcher for
Firefox/Seamonkey/Thunderbird/Sunbird/Fennec - This add-on reveals when
certificates are updated, so you can ensure it was a legitimate change
Your web browser trusts a lot of certification authorities and chained
sub-authorities, and it does so blindly. "Subordinate or intermediate
certification authorities" are a little known device: The root CAs in your
browser can delegate permission to issue certificates to an unlimited amount of
subordinate CAs (SCA) just by signing their certificate, not by borrowing their
precious private key to them. You can even buy yourself such a CA from GeoTrust
or elsewhere.
It is unclear how many intermediate certification authorities really exist, and
yet each of them has "god-like power" to impersonate any https web site using a
Man in the Middle (MITM) attack scenario. Researchers at Princeton are
acknowledging this problem and recommending Certificate Patrol. Revealing the
inner workings of X.509 to end users is still deemed too difficult, but only
getting familiar with this will really help you get in control. That's why
Certificate Patrol gives you insight of what is happening.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]