[liberationtech] How to protect users from compelled fake ssl certs?

Ralph Holz holz at net.in.tum.de
Tue Jul 2 09:59:23 PDT 2013


Hi,

> What is the most effective way to protect users against a compelled fake
> certificate attack? Since any CA can issue any cert and any US based CA
> could probably be compelled to issue a fake CA, how can we protect
> against this?

Crossbear has automatic reporting:
http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/holz_x509forensics_esorics2012.pdf

Following some breakages in the Firefox API, we are going to relaunch it
in September. Until then, we're busy implementing the protocol for OONI
(-> OONIBear):

https://ooni.torproject.org/

The current status is we've got it running, the hunting works, and it's
passed all initial tests. IPv6 is giving us some difficulty due to lack
of test cases.

Also, we're working on command-line visualisation tools.

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF


