2009/2/24 coderman <[email protected]>: > On Mon, Feb 23, 2009 at 12:04 PM, Fran Litterio <[email protected]> wrote: >> ... >> This is ok, but I'd also like to be alerted when the certificate changes for >> a site that I regularly visit. > > yes. > > Tyler's suggestion is a good one. if you want the certs themselves > authenticated you get to manage them yourself too. remove all CA's by > nuking libnssckbi.so and only add back those you've authenticated and > trust. > > sadly, this is beyond the skills of most people. the PKI cartel lives > another day... :P
Perspectives (http://www.cs.cmu.edu/~perspectives/) is another useful tool. You can change the quorum %, the length of time that quorum must be acheived, and conditions under which Perspectives checks. This isn't self-management, but does provide a additional certificate check. J

