[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
2009/2/24 coderman <coderman@xxxxxxxxx>:
> On Mon, Feb 23, 2009 at 12:04 PM, Fran Litterio <flitterio@xxxxxxxxx> wrote:
>> This is ok, but I'd also like to be alerted when the certificate changes for
>> a site that I regularly visit.
> Tyler's suggestion is a good one. if you want the certs themselves
> authenticated you get to manage them yourself too. remove all CA's by
> nuking libnssckbi.so and only add back those you've authenticated and
> sadly, this is beyond the skills of most people. the PKI cartel lives
> another day... :P
Perspectives (http://www.cs.cmu.edu/~perspectives/) is another useful
tool. You can change the quorum %, the length of time that quorum
must be acheived, and conditions under which Perspectives checks.
This isn't self-management, but does provide a additional certificate