Package: wnpp
Severity: wishlist

* Package name    : certificatepatrol
  Version         : 1.1
  Upstream Author : Aiko Barz
                    Mukunda Modell
                    Carlo v. Loesch
* URL             : http://patrol.psyced.org/
* License         : MPL 1.1, GPL 2.0, LGPL 2.1
  Programming Lang: JavaScript, XUL
  Description     : Certificate Watcher for Firefox/Seamonkey/Thunderbird/Sunbird/Fennec - This add-on reveals when certificates are updated, so you can ensure it was a legitimate change

Your web browser trusts a lot of certification authorities and chained 
sub-authorities, and it does so blindly. "Subordinate or intermediate 
certification authorities" are a little-known device: the root CAs in your 
browser can delegate permission to issue certificates to an unlimited number of 
subordinate CAs (SCA) just by signing their certificate, not by lending their 
precious private key to them. You can even buy yourself such a CA from GeoTrust 
or elsewhere.

It is unclear how many intermediate certification authorities really exist, and 
yet each of them has "god-like power" to impersonate any https web site using a 
Man in the Middle (MITM) attack scenario. Researchers at Princeton are 
acknowledging this problem and recommending Certificate Patrol. Revealing the 
inner workings of X.509 to end users is still deemed too difficult, but only 
getting familiar with this will really help you get in control. That's why 
Certificate Patrol gives you insight into what is happening.
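
The kind of change check the description refers to can be sketched as a trust-on-first-use store, shown here as an added example that is not taken from Certificate Patrol or from this report. The record fields, the 30-day renewal window, the host name and the sample certificates are assumptions made for the illustration.

```javascript
// Trust-on-first-use certificate change check (illustrative sketch).
// Record fields and the 30-day renewal window are assumptions of this example.
const RENEWAL_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;

class CertStore {
  constructor() {
    this.seen = new Map(); // host -> last accepted certificate record
  }

  // Compare an observed certificate with the stored one for this host and
  // return { status, reasons }. A changed certificate is not stored until
  // accept() is called, so the decision stays with the user.
  check(host, cert, now) {
    const old = this.seen.get(host);
    if (!old) {
      this.seen.set(host, cert);
      return { status: "new", reasons: [] };
    }
    if (old.fingerprint === cert.fingerprint) {
      return { status: "unchanged", reasons: [] };
    }
    const reasons = [];
    if (old.issuer !== cert.issuer) {
      reasons.push("issuer changed: " + old.issuer + " -> " + cert.issuer);
    }
    if (old.notAfter - now > RENEWAL_WINDOW_MS) {
      reasons.push("old certificate was not close to expiry");
    }
    // Same issuer and an old certificate about to expire looks like a renewal.
    return { status: reasons.length ? "suspicious" : "renewed", reasons };
  }

  accept(host, cert) {
    this.seen.set(host, cert);
  }
}

// Constructed sample data, not real certificates.
const DAY = 24 * 60 * 60 * 1000;
const T0 = Date.UTC(2011, 0, 1);
const first = { fingerprint: "aa:01", issuer: "Example Root CA", notAfter: T0 + 200 * DAY };
const swapped = { fingerprint: "bb:02", issuer: "Other Intermediate CA", notAfter: T0 + 365 * DAY };

function demo() {
  const store = new CertStore();
  return [store.check("shop.example", first, T0).status,
          store.check("shop.example", first, T0 + DAY).status,
          store.check("shop.example", swapped, T0 + 2 * DAY)];
}
console.log(demo());
```

A certificate that chains to a different issuer while the previous one still had months of validity left is the case a rogue subordinate CA would produce, which is why both conditions are reported as separate reasons.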


