It strikes me that I'd want notice (or the option to get notice) before submitting rare certs to the database... say a dialog like: "We're about to submit the certificate for the following site, [x] ok, [ ] no, do not submit this certificate. ([ ] remember this preference for this certificate)."

My reasoning is that I should usually have a good idea when I'm expecting a rare/self-signed cert, and if I'm not expecting it, I'd probably want to submit it. Does that make sense?

best, Joe

On Sunday, March 20, 2011, Mike Perry <[email protected]> wrote:
> Thus spake coderman ([email protected]):
>
>> > The brief summary is that it will be submitting rare TLS certificates
>> > through Tor to EFF for analysis and storage. We will also leverage the
>> > database of certificates to provide notification in the event of
>> > targeted MITM attacks**.
>> >
>> > I am trying to decide if this is a bad thing to enable by default for
>> > users.
>>
>> if EFF was presented with a national security letter or other legal
>> demand under seal demanding the existence of a given certificate not
>> be exposed, would they be bound to not present a MITM alert for that
>> cert?
>
> Leaving this for pde and/or Seth.
>
>> (said another way, could this potentially be a false sense of
>> security, if all trust for anomaly notification was placed in the EFF
>> alone?)
>
> The reality is we won't have the Firefox APIs to actually prevent
> content load after certificate inspection any time soon, so it's not
> feasible to trust this as your only security measure. Monstrous hacks
> might make this possible sooner, though...
>
> On a timescale where we can provide real security rather than just
> analysis and post-pwnage notification, we can build multiple databases
> to submit to/query, just like Perspectives.
>
> There's also no real reason why you can't use both Perspectives and
> HTTPS-Everywhere. Then you can get both of our half-assed
> after-the-fact notifications that you were owned :)
>
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>

--
Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
http://josephhall.org/
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
