Can you help develop crypto anti-spoofing/phishing tool ?
Ed Gerck
egerck at nma.com
Thu Feb 3 14:29:08 EST 2005
Amir Herzberg wrote:
> We develop TrustBar, a simple extension to FireFox (& Mozilla), that
> displays the name and logo of SSL protected sites, as well as of the CA
> (so users can notice the use of untrusted CA). I think it is fair to say
> that this extension fixes some glitches in the deployment of SSL/TLS,
> i.e. in the most important practical cryptographic solution.
Yes, because it makes the user notice what CAs the _browser_ has
decided the user _automatically_ accepts [1]. But there is a caveat. Can
you trust what trustbar shows you? And, of course, knowing what CA
is being used is also possible without trustbar but requires a couple
mouseclicks. Wouldn't it be better if Firefox/Mozilla simply
put the name of the CA next to the lock icon?
Cheers,
Ed Gerck
[1] see corresponding flaws noted in
http://nma.com/papers/certover.pdf
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list