Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
2009/2/24 coderman <coderman@xxxxxxxxx>:
> On Mon, Feb 23, 2009 at 12:04 PM, Fran Litterio <flitterio@xxxxxxxxx> wrote:
>> ...
>> This is ok, but I'd also like to be alerted when the certificate changes for
>> a site that I regularly visit.
>
> yes.
>
> Tyler's suggestion is a good one. if you want the certs themselves
> authenticated you get to manage them yourself too. remove all CA's by
> nuking libnssckbi.so and only add back those you've authenticated and
> trust.
>
> sadly, this is beyond the skills of most people. the PKI cartel lives
> another day... :P
Perspectives (http://www.cs.cmu.edu/~perspectives/) is another useful
tool. You can change the quorum %, the length of time that quorum
must be achieved, and conditions under which Perspectives checks.
This isn't self-management, but does provide an additional certificate
check.
J
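
The two settings mentioned above (quorum % and how long quorum must have held) can be illustrated with a simplified model. This is an added example, not part of the original message and not Perspectives' own code; the notary names, fingerprints, dates and function names are all constructed for illustration.

```python
import math
from datetime import datetime, timedelta

NOW = datetime(2009, 2, 24)
# Constructed sample data: per notary, a list of
# (key fingerprint, first_seen, last_seen) observation spans for one site.
NOTARIES = {
    "n1": [("aa:11", datetime(2008, 6, 1), NOW)],
    "n2": [("aa:11", datetime(2008, 12, 1), NOW)],
    "n3": [("aa:11", datetime(2009, 2, 10), NOW)],
    "n4": [("bb:22", datetime(2009, 1, 1), datetime(2009, 2, 20)),
           ("cc:33", datetime(2009, 2, 21), NOW)],
}

def current_span_age(history, offered_fp, now):
    """Age of this notary's ongoing observation of offered_fp, or None if
    the notary currently sees a different key (or nothing)."""
    for fp, first_seen, last_seen in history:
        if fp == offered_fp and first_seen <= now <= last_seen:
            return now - first_seen
    return None

def quorum_duration(notaries, offered_fp, now, quorum_pct):
    """Longest period ending at `now` during which at least quorum_pct percent
    of the notaries continuously saw offered_fp; None if quorum is not met."""
    needed = max(1, math.ceil(len(notaries) * quorum_pct / 100))
    ages = [current_span_age(h, offered_fp, now) for h in notaries.values()]
    ages = sorted((a for a in ages if a is not None), reverse=True)
    if len(ages) < needed:
        return None
    # The needed-th longest observation bounds how long quorum has held.
    return ages[needed - 1]

def accept(notaries, offered_fp, now, quorum_pct, min_duration):
    """True if the key the client was offered passes both settings."""
    held = quorum_duration(notaries, offered_fp, now, quorum_pct)
    return held is not None and held >= min_duration

if __name__ == "__main__":
    for pct, days in [(75, 7), (75, 30), (100, 0)]:
        ok = accept(NOTARIES, "aa:11", NOW, pct, timedelta(days=days))
        print(f"quorum {pct}% for {days} days: {'accept' if ok else 'warn'}")
```

Raising either setting makes the check stricter: the same key passes at 75% for 7 days but produces a warning at 75% for 30 days, because the third notary has only seen it for 14 days.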