We develop TrustBar, a simple extension to Firefox (& Mozilla), that displays the name and logo of SSL-protected sites, as well as of the CA (so users can notice the use of an untrusted CA). I think it is fair to say that this extension fixes some glitches in the deployment of SSL/TLS, i.e. in the most important practical cryptographic solution.

TrustBar works pretty well for several alpha users. The solution benefited a lot from discussions on this list, including substantial input by Ian. You can download it from http://trustbar.mozdev.org (and it is completely script, so what you download is also the source code).

I am hoping some of you may be able to help improve, evaluate and deploy this solution. In particular, we need implementations for other browsers (e.g. IE...); we can also use help in continuing our development, as several pretty cool ideas are not done yet, due to our other commitments (Ahmad Gbara and me). For example, we designed a simple mechanism to allow sites to protect (cryptographically) also pages where SSL is too expensive, but it has been waiting for implementation for a while... And of course we need evaluations, code reviews, testing... In fact, I wouldn't object if some serious open-code developer assumed responsibility...

If people are interested, and want to discuss face to face, I'll be in RSA on 15-18/February...

Best, Amir Herzberg

