Thus spake coderman (coderman@xxxxxxxxx): > > The brief summary is that it will be submitting rare TLS certificates > > through Tor to EFF for analysis and storage. We will also leverage the > > database of certificates to provide notification in the event of > > targeted MITM attacks**. > > > > I am trying to decide if this is a bad thing to enable by default for > > users. > > if EFF was presented with a national security letter or other legal > demand under seal demanding the existence of a given certificate not > be exposed, would they be bound to not present a MITM alert for that > cert? Leaving this for pde and/or Seth. > (said another way, could this potentially be a false sense of > security, if all trust for anomaly notification was placed in the EFF > alone?) The reality is we won't have the Firefox APIs to actually prevent content load after certificate inspection any time soon, so it's not feasible to trust this as your only security measure. Monsterous hacks might make this possible sooner, though... On a timescale where we can provide real security rather than just analysis and post-pwnage notification, we can build multiple databases to submit to/query, just like Perspectives. There's also no real reason why you can't use both Perspectives and HTTPS-Everywhere. Then you can get both of our half-assed after-the-fact notifications that you were owned :) -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgp9nVmjwodtW.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk