Note: There are a few cases of duplicates in user autocompletion which are being worked on.

add defense in depth warnings when certificate info looks suspicious

NEW
Unassigned

Status

()

Firefox
Page Info Window
6 years ago
3 years ago

People

(Reporter: chris hofmann, Unassigned)

Tracking

(Depends on: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
there are at least a couple of addons and services with ideas about how to surface info to users when they could be under MitM attack.

a few of these were mentioned in

http://www.netresec.com/?page=Blog&month=2011-03&post=Network-Forensic-Analysis-of-SSL-MITM-Attacks

"...There are several ways users can detect MITM attacks, even when the certificate seems to be signed by a trusted CA. There are, for example, Firefox plugins available from Certificate Patrol as well as Perspectives that can help users by alerting on “new” certificates that have not been seen before. "

we should consider adding ways to surface this info for situations like

[Bug 642395] Deal with bogus certs issued by Comodo partner
[Bug 643056] Revocation isn't enough
Recommend Removing RSA Security 1024 V3 root certificate authority
Options -- http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc

and others cases where certificate have been compromised or suspect.
(Reporter)

Updated

6 years ago
OS: Mac OS X → All
(Reporter)

Comment 1

6 years ago
more on some usability improvements and ideas on Trust on First Use and Persistence of Pseudonym (TOFU/POP) in some slides by Chris Palmer
noncombatant.org  Ideas developed with Seth Schoen and Peter Eckersley eff.org

https://docs.google.com/present/view?id=df9sn445_206ff3kn9gs&pli=1

Comment 2

6 years ago
bug 645819 Write an extension which auto-imports CRLs when it finds them
(Reporter)

Updated

6 years ago
Depends on: 642503, 645819
(Reporter)

Updated

6 years ago
Depends on: 489347
You need to log in before you can comment on or make changes to this bug.