[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> On Mon, 21 Mar 2011 09:05:30 -0400
> Joseph Lorenzo Hall <joehall@xxxxxxxxx> wrote:
> > It strikes me that I'd want notice (or the option to get notice)
> > before submitting rare certs to the database... say a dialog like:
> > "We're about to submit the certificate for the following site, [x] ok,
> > [ ] no, do not submit this certificate. ([ ] remember this preference
> > for this certificate)." My reasoning is that I should usually have a
> > good idea when I'm expecting a rare/self-signed cert, and if I'm not
> > expecting it, I'd probably want to submit it. Does that make sense?
> > best, Joe
> 1. The extension cannot determine whether you have a ???rare??? certificate
>    without querying the database.

Well, we are planning on shipping a list of the most popular TLS leaf
fingerprints in the addon itself to reduce load on the observatory.
This would be what "rare" means for deciding when to submit.

But this is still likely too common to ask every time. 

> 2. If users do not report self-signed certificates that they expect to
>    see, the database cannot be used to detect man-in-the-middle attacks
>    on sites that use self-signed certificates.

For those users, yes. But even if only one user is submitting
self-signed certs, each observatory instance can also check the site
itself, much like Perspectives.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpkwPuI9OoYl.pgp
Description: PGP signature

tor-talk mailing list