

An update on EFF's SSL Observatory project (video from 27c3) - there
http://www.youtube.com/watch?v=VUKCDm04AqI

======
rfugger
<http://www.cs.cmu.edu/~perspectives/firefox.html>

We have developed an extension to the popular Firefox browser that contacts
network notaries whenever your browser connects an HTTPS website.

The extension provides two primary benefits:

1\. If you connect to a website with an untrusted (e.g.,self-signed
certificate)*, Firefox will give you a very nasty security error and force you
to manually install an exception. Perspectives can detect whether a self-
signed certificate is valid, and automatically overrides the annoying security
error page if it is safe to do so.

2\. It is possible that an attacker may trick one of the many Certificate
Authorities trusted by Firefox into incorrectly issuing a certificate for a
trusted website. Perspectives can also detect this attack and will warn you if
things look suspicious.

------
there
pretty amazing that there are 1482 certificate authorities in 52 countries
that are trusted by most browsers.

