Skip to content

Enhanced TLS indicator with an emphasis on information about the Root Certificate Authority from which the connection's authenticity is derived

Notifications You must be signed in to change notification settings

James-E-A/cerdicator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

[Alpha Release, testers only!]

What It Does

This software enhances the display of TLS connections by displaying at-a-glance the Root Certificate Authority that your browser trusts to certify the connection.

Future releases will include country-of-jurisdiction display, enhanced and user-friendly certificate pinning, Intermediate Certificate Authority display, and other requested features (submit your ideas here!).

For maximum effectiveness, replace the blank, empty spacer that exists OOTB in Firefox between your URL bar and the navigation buttons with this add-on's badge. (Chrome support pending on CH#1187713.)

Why It Exists

https://archive.is/o/www.wired.com/2010/03/packet-forensics/#selection-2513.25-2513.243

https://www.eff.org/observatory#:~:text=650-odd%20organizations%20that%20function%20as%20Certificate%20Authorities%20trusted%20%28directly%20or%20indirectly%29%20by%20Mozilla%20or%20Microsoft.

According to tech blogger Ryan Singel, writing for Wired magazine in 2010, privacy researcher Christopher Soghoian found a brochure at a wiretapping conference in which Packet Forensics, LLC advertised a device that [emphasis added]:

“[Gives users] the ability to… generate ‘look-alike’ [SSL] keys designed to give the subject a false sense of confidence in its authenticity

When the editors tried to reach out to Packet Forensics about this, their spokesman, Ray Saulino, allegedly (and hilariously):

initially denied the product performed as advertised, or that anyone used it

then added that

“…there is nothing special or unique about it… Our target community is the law enforcement community.”

Today

I intend to follow in the footsteps of the paper (linked in the appendix below) which Dr. Soghoian wrote alongside Dr. Sid Stamm analyzing the threat models presented by this device, and in particular intend to write the spiritual successor to their software introduced therein, CertLock.

In particular, this software will be written under the following assumptions:

  1. Mr. Saulino is lying through his teeth here (presumably under NDA)
  2. Both Mr. Singel and Dr. Soghoian are being truthful in their reports
  3. The brochure acquired at the conference was both genuine (actually published by Packet Forensics) and truthful (the product it advertises performs as claimed)

https://i.imgflip.com/58y0io.jpg

Quacking Crazy PDFs

First-Order Related to this problem

About

Enhanced TLS indicator with an emphasis on information about the Root Certificate Authority from which the connection's authenticity is derived

Topics

Resources

Stars

Watchers

Forks