Bug#575502: RFP: certificatepatrol -- Certificate Watcher for Firefox/Seamonkey/Thunderbird/Sunbird/Fennec - This add-on reveals when certificates are updated, so you can ensure it was a legitimate change
Package: wnpp
Severity: wishlist
* Package name : certificatepatrol
Version : 1.1
Upstream Author : Aiko Barz
Mukunda Modell
Carlo v. Loesch
* URL : http://patrol.psyced.org/
* License : MPL 1.1, GPL 2.0, LGPL 2.1
Programming Lang: JavaScript, XUL
Description : Certificate Watcher for Firefox/Seamonkey/Thunderbird/Sunbird/Fennec - This add-on reveals when certificates are updated, so you can ensure it was a legitimate change
Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. "Subordinate or intermediate certification authorities" are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs (SCA) just by signing their certificate, not by borrowing their precious private key to them. You can even buy yourself such a CA from GeoTrust or elsewhere.
It is unclear how many intermediate certification authorities really exist, and yet each of them has "god-like power" to impersonate any https web site using a Man in the Middle (MITM) attack scenario. Researchers at Princeton are acknowledging this problem and recommending Certificate Patrol. Revealing the inner workings of X.509 to end users is still deemed too difficult, but only getting familiar with this will really help you get in control. That's why Certificate Patrol gives you insight of what is happening.
Reply to: