Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] How to protect users from compelled fake ssl certs?

Ralph Holz holz at
Tue Jul 2 09:59:23 PDT 2013


> What is the most effective way to protect users against a compelled fake
> certificate attack? Since any CA can issue any cert and any US based CA
> could probably be compelled to issue a fake CA, how can we protect
> against this?

Crossbear has automatic reporting:

Following some breakages in the Firefox API, we are going to relaunch it
in September. Until then, we're busy implementing the protocol for OONI
(-> OONIBear):

The current status is we've got it running, the hunting works, and it's
passed all initial tests. IPv6 is giving us some difficulty due to lack
of test cases.

Also, we're working on command-line visualisation tools.


Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
Phone +
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

More information about the liberationtech mailing list