LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

DNSSEC

DNSSEC

Posted Mar 25, 2010 20:16 UTC (Thu) by HenrikH (guest, #31152)
In reply to: DNSSEC by dwheeler
Parent article: Blaze: The Spy in the Middle

Also browsers should put up a warning then a site all of the sudden have changed certificate/ca. Yes, it would give false positives when sites change their certificates due to expiry date, but the algorithm could include expiry date and also moste sites probably change their CA more seldom than they change their certificates so stronger warning could be issue then.

(Log in to post comments)

DNSSEC

Posted Mar 27, 2010 2:06 UTC (Sat) by hamish (subscriber, #6282) [Link]

A firefox extension that pretty much does this is available (surprise surprise)

http://patrol.psyced.org/

It shows you each site's certificate when the browser first encounters it, then shows you a side-by-side comparison if the site ever changes its certificate.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds