[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

ianG iang at iang.org
Thu Dec 1 11:43:59 EST 2011

On 2/12/11 03:26 AM, Rose, Greg wrote:
> On 2011 Nov 30, at 22:28 , Jon Callas wrote:
>> On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote:
>>> I run a wonderful Firefox extension called Certificate Patrol. It keeps a local cache of certificates, and warns you if a certificate, CA, or public key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my stockbroker's web site, the warnings started to appear. Then it was just checking IP addresses and stuff.
>> And I presume you didn't save the cert.
>> Of course, we just need to have people look for these and then save them.
> Yes. I regret that I had much bigger issues at the time than saving the cert.

I'm just poking around, it seems that Certificate Patrol should keep the 

In Firefox

Tools / Add-ons / Certificate Patrol / Preferences / View Certificates / 
getting tired now / Certificate Patrol, maybe click around here coz it 
didn't show the certs first time / turn off Group by Root Key / click on 
Stored Since to order, maybe twice / check the date in the hotel / ... 
time for a stiff drink / click on the cert / View / Details / Export / :-o

It does store certs.  It just takes above & beyond to get at them.  
Unknown whether it stores certs that you reject.

iang, now about that drink...
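
The cache-and-warn behaviour discussed in this thread, extended so that every certificate seen is written to disk before any accept/reject decision, as an added example that is not Certificate Patrol's code and not part of the original message. `CertCache`, its file layout and all sample values are assumptions made for illustration; the caller is assumed to have already extracted the issuer name and SubjectPublicKeyInfo bytes from the certificate with an X.509 parser.

```python
import hashlib, json, os, time

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CertCache:
    """Trust-on-first-use cache that archives every certificate before judging it."""

    def __init__(self, root: str):
        self.evidence = os.path.join(root, "evidence")
        os.makedirs(self.evidence, exist_ok=True)
        self.pins_path = os.path.join(root, "pins.json")
        self.log_path = os.path.join(root, "observations.jsonl")
        self.pins = {}
        if os.path.exists(self.pins_path):
            with open(self.pins_path) as f:
                self.pins = json.load(f)

    def _save_pins(self):
        with open(self.pins_path, "w") as f:
            json.dump(self.pins, f, indent=1)

    def observe(self, host: str, der: bytes, issuer: str, spki: bytes):
        """Return (verdict, changed_fields); the DER is saved whatever the verdict."""
        seen = {"cert": fingerprint(der), "issuer": issuer, "spki": fingerprint(spki)}
        path = os.path.join(self.evidence, seen["cert"] + ".der")
        if not os.path.exists(path):          # archive first, decide afterwards
            with open(path, "wb") as f:
                f.write(der)
        pinned = self.pins.get(host)
        if pinned is None:                    # first contact: pin what we saw
            self.pins[host] = seen
            self._save_pins()
            verdict, changed = "first-seen", []
        else:
            changed = [k for k in ("cert", "issuer", "spki") if pinned[k] != seen[k]]
            verdict = "changed" if changed else "unchanged"
        with open(self.log_path, "a") as f:   # append-only trail of every sighting
            f.write(json.dumps({"t": time.time(), "host": host, "verdict": verdict,
                                "changed": changed, **seen}) + "\n")
        return verdict, changed

    def accept(self, host: str, der: bytes, issuer: str, spki: bytes):
        """Re-pin after the user has judged a change legitimate (e.g. a renewal)."""
        self.pins[host] = {"cert": fingerprint(der), "issuer": issuer,
                           "spki": fingerprint(spki)}
        self._save_pins()
```

A changed `issuer` together with a changed `spki` is the pattern worth escalating; a changed `cert` alone with the same key and issuer is what an ordinary renewal looks like.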