[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)
iang at iang.org
Thu Dec 1 11:43:59 EST 2011
On 2/12/11 03:26 AM, Rose, Greg wrote:
> On 2011 Nov 30, at 22:28 , Jon Callas wrote:
>> On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote:
>>> I run a wonderful Firefox extension called Certificate Patrol. It keeps a local cache of certificates, and warns you if a certificate, CA, or public key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my stockbroker's web site, the warnings started to appear. Then it was just checking IP addresses and stuff.
>> And I presume you didn't save the cert.
>> Of course, we just need to have people look for these and then save them.
> Yes. I regret that I had much bigger issues at the time than saving the cert.
I'm just poking around, it seems that Certificate Patrol should keep the
Tools / Add-ons / Certificate Patrol / Preferences / View Certificates /
getting tired now / Certificate Patrol, maybe click around here coz it
didn't show the certs first time / turn off Group by Root Key / click on
Stored Since to order, maybe twice / check the date in the hotel / ...
time for a stiff drink / click on the cert / View / Details / Export / :-o
It does store certs. It just takes above & beyond to get at them.
Unknown whether it stores certs that you reject.
iang, now about that drink...
More information about the cryptography