[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Using passwords with TOR

On 5/22/11, tor@xxxxxxxxxxxxxxxxxx <tor@xxxxxxxxxxxxxxxxxx> wrote:
> On 22/05/2011 20:03, Lee wrote:
>>> I use a Firefox addon called Certificate Patrol. It keeps a record of
>>> certificates that https websites serve. It then alerts you if they
>>> change. It displays information about the old certificate next to the
>>> new certificate so you can tell if the issuer has changed, and if the
>>> old cert was due to expire anyway.
>>> Should come in handy if you come across a Tor Exit node that is somehow
>>> generating "valid" certificates for a domain and MITM'ing you.
>> yes - that looks helpful.  Which version of Firefox are you using?  I
>> tried it with FF 4.0.1 and no matter what the settings, javascript
>> enabled/disabled, noscript addon enabled/disabled I couldn't get a
>> popup for a newly accepted cert :(
> Strange. I'm using 4.0.1 on OSX. I just turned on the functionality to
> always popup info about new certificates and I don't think that is
> working for me either. It definitely pops up stuff when the certificate
> changes though. Maybe worth a bug report?

Known issue - latest review says
  It turned out that there was a lot more than just this preference
broken in v1.8.2 ;@)
  Anyone using v1.8.2 should either rollback to an earlier version or
install the new build v1.8.3.

I was about ready to revert to FF 3.6.17 to see if that made any
difference.  Thanks for the confirmation that it wasn't just my
install that had a problem!

I haven't been able to find a site where the certs change, but at
least with 1.8.3 I get a popup about a new cert


> --
> Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
> Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
> PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
tor-talk mailing list