Search Mailing List Archives
[liberationtech] How to protect users from compelled fake ssl certs?
holz at net.in.tum.de
Tue Jul 2 09:59:23 PDT 2013
> What is the most effective way to protect users against a compelled fake
> certificate attack? Since any CA can issue any cert and any US based CA
> could probably be compelled to issue a fake CA, how can we protect
> against this?
Crossbear has automatic reporting:
Following some breakages in the Firefox API, we are going to relaunch it
in September. Until then, we're busy implementing the protocol for OONI
The current status is we've got it running, the hunting works, and it's
passed all initial tests. IPv6 is giving us some difficulty due to lack
of test cases.
Also, we're working on command-line visualisation tools.
I8 - Network Architectures and Services
Technische Universität München
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
More information about the liberationtech