Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> On Mon, 21 Mar 2011 09:05:30 -0400
> Joseph Lorenzo Hall <joehall@xxxxxxxxx> wrote:
>
> > It strikes me that I'd want notice (or the option to get notice)
> > before submitting rare certs to the database... say a dialog like:
> > "We're about to submit the certificate for the following site, [x] ok,
> > [ ] no, do not submit this certificate. ([ ] remember this preference
> > for this certificate)." My reasoning is that I should usually have a
> > good idea when I'm expecting a rare/self-signed cert, and if I'm not
> > expecting it, I'd probably want to submit it. Does that make sense?
> > best, Joe
>
> 1. The extension cannot determine whether you have a "rare" certificate
> without querying the database.

Well, we are planning on shipping a list of the most popular TLS leaf
fingerprints in the addon itself to reduce load on the observatory. This
would be what "rare" means for deciding when to submit. But this is
still likely too common to ask every time.

> 2. If users do not report self-signed certificates that they expect to
> see, the database cannot be used to detect man-in-the-middle attacks
> on sites that use self-signed certificates.

For those users, yes. But even if only one user is submitting
self-signed certs, each observatory instance can also check the site
itself, much like Perspectives.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
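
The two mechanisms described in the message above (a list of popular leaf fingerprints bundled in the addon deciding what counts as "rare", and the observatory checking the site itself), sketched as an added example that is not part of the original thread or the project's code. The SHA-256 fingerprint, the function names, the opt-out set and the certificate bytes are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-ins for DER-encoded leaf certificates (not real certificates).
POPULAR_CERT = b"constructed-der:popular.example"
SELF_SIGNED_CERT = b"constructed-der:selfsigned.example"
UNEXPECTED_CERT = b"constructed-der:unexpected-leaf"


def fingerprint(der: bytes) -> str:
    """Hex digest of the certificate bytes. SHA-256 is an assumption."""
    return hashlib.sha256(der).hexdigest()


# Hypothetical list shipped inside the addon: the most popular leaf fingerprints.
BUNDLED_POPULAR = frozenset({fingerprint(POPULAR_CERT)})


def client_should_submit(der: bytes, opted_out=frozenset()) -> bool:
    """Decide locally, without querying the database, whether a leaf is "rare".

    opted_out models the "remember this preference for this certificate"
    checkbox from the proposed dialog (hypothetical storage).
    """
    fp = fingerprint(der)
    return fp not in BUNDLED_POPULAR and fp not in opted_out


def observatory_check(host: str, submitted_der: bytes, probe) -> str:
    """Compare a submitted leaf with the one the observatory fetches itself.

    probe(host) returns the DER bytes the observatory sees, or None.
    A mismatch is a signal to investigate, not proof of interception:
    a site may legitimately serve more than one certificate.
    """
    seen = probe(host)
    if seen is None:
        return "unverifiable"
    return "match" if fingerprint(seen) == fingerprint(submitted_der) else "mismatch"


def constructed_probe(host: str):
    """Offline stand-in for the observatory's own TLS connection to the host."""
    return {"selfsigned.example": SELF_SIGNED_CERT}.get(host)
```
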