Can you help develop crypto anti-spoofing/phishing tool ?
Amir Herzberg
herzbea at macs.biu.ac.il
Wed Feb 2 15:11:54 EST 2005
We develop TrustBar, a simple extension to FireFox (& Mozilla), that
displays the name and logo of SSL protected sites, as well as of the CA
(so users can notice the use of untrusted CA). I think it is fair to say
that this extension fixes some glitches in the deployment of SSL/TLS,
i.e. in the most important practical cryptographic solution.
TrustBar works pretty well for several alpha users. The solution
benefited a lot from discussions on this list, including substantial
input by Ian. You can download it from http://trustbar.mozdev.org (and
it is completely script so what you download is also the source code).
I am hoping some of you may be able to help improve, evaluate and deploy
this solution. In particular, we need implementations for other browsers
(e.g. IE...); we can also use help in continuing our development as
several pretty cool ideas are not done yet, due to other commitments of
us (Ahamd Gbara and me). For example, we designed a simple mechanism to
allow sites to protect (cryptographically) also pages where SSL is too
expensive, but it is waiting for implementation for a while... And of
course we need evaluations, code reviews, testing... In fact, I wouldn't
object if some serious open-code developer assumed responsibility...
If people are interested, and want to discuss face to face, I'll be in
RSA on 15-18/February...
Best, Amir Herzberg
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list